
Win 7 performance problems

I have been having intermittent performance problems on my Win7 SP1 64-bit HP notebook. Sometimes while idle, and sometimes during work, the CPU load will increase and I can't get a clear idea of where the increase is coming from. It affects the responsiveness and speed of browsers and applications.

I have done some work to improve performance: disabled some unneeded services, reset my Firefox profile, disabled MSE real-time protection so that it doesn't conflict with Norton Internet Security 2012. Nonetheless the slow responsiveness continues.

This machine is not used for email.

Any help you can provide will be greatly appreciated.

Logs attached:

=================== TSG SysInfo ====================
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8139 Mb
Graphics Card: Mobile Intel(R) HD Graphics, -250 Mb
Hard Drives: C: Total - 1199469 MB, Free - 1030336 MB; D: Total - 21183 MB, Free - 3082 MB;
Motherboard: Hewlett-Packard, 159B
Antivirus: Microsoft Security Essentials, Disabled
==> Note: MSE is disabled to avoid conflicts with Norton Internet Security 2012

===========================================

=============== HiJackThis log ==================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:51 AM, on 6/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Users\Eric\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\PROGRA~2\Nuance\NATURA~1\Program\ieShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd...detect1261.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2013/01/21 09:46:38 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Documention Flash Card Detection Service (hpdoccardsvc) - Hewlett-Packard Developement Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17137 bytes
===========================================

======== dds.txt =============================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Eric at 10:27:07 on 2013-06-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5582 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{41B387F7-1A7E-411C-B249-F73BA5452141} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{41B387F7-1A7E-411C-B249-F73BA5452141}\25D474034354E465E4875374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{41B387F7-1A7E-411C-B249-F73BA5452141}\54D4E4F5844534 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8FE69542-4C35-4070-AFF3-8F276922FF51} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8jbuks1x.default\
FF - prefs.js: browser.startup.homepage - hxxp://global.nytimes.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8jbuks1x.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8jbuks1x.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8jbuks1x.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-23 22:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn
FF - ExtSQL: 2013-04-24 14:57; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn
FF - ExtSQL: 2013-05-31 11:34; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-05-31 14:28; {ab91efd4-6975-4081-8552-1b3922ed79e2}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\8jbuks1x.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - ExtSQL: !HIDDEN! 2013-03-04 16:26; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-30 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-5-29 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130531.001\IDSviA64.sys [2013-5-31 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-26 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-20 203776]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-2-11 311184]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-12 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-12 2656280]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-26 138912]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-20 12273408]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-27 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-27 180224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-12 246376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-2 412264]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/21 09:46:38;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-9-3 245264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-12 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-12 39464]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-5-9 35840]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-31 21:11:50 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-05-31 20:47:14 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-31 20:43:42 -------- d-----w- C:\Users\Eric\AppData\Local\Mozilla Firefox
2013-05-31 18:44:21 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007EE4FB-127C-4482-87C4-76BFCA1385F6}\mpengine.dll
2013-05-31 15:05:00 -------- d-----r- C:\Program Files (x86)\Skype
2013-05-30 20:05:15 256000 ----a-w- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
2013-05-30 20:01:26 -------- d-----w- C:\Program Files (x86)\Ubi Soft
2013-05-30 20:00:38 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-05-30 20:00:37 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-05-30 20:00:37 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-05-30 20:00:33 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-05-30 20:00:28 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-05-30 16:43:00 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-29 12:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-29 12:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-29 12:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-29 12:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-29 12:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-05-29 12:19:25 -------- d-----w- C:\Program Files\iPod
2013-05-29 12:19:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-29 12:19:24 -------- d-----w- C:\Program Files\iTunes
2013-05-29 12:19:24 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-29 11:52:02 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A69C6B70-A339-4896-8F0E-B7FBC5C97D03}\gapaengine.dll
2013-05-15 10:59:11 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 10:59:11 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 10:59:11 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 10:58:24 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 10:58:22 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 10:58:22 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 10:58:22 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 10:58:17 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 10:58:12 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 10:58:12 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-09 20:06:10 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2013-05-09 20:04:45 -------- d-----w- C:\Netgear
2013-05-08 07:12:56 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-05-31 20:47:02 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-31 20:47:02 1092512 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-05-30 04:11:59 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-05-15 15:27:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:27:56 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-06 15:10:10 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll
2013-03-21 20:12:41 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 10:28:09.10 ===============

============= attach.txt ======================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2011 4:42:39 PM
System Uptime: 6/1/2013 7:35:05 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 159B
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1171 GiB total, 1007.29 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 3.01 GiB free.
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP364: 5/17/2013 2:15:00 PM - HPSF Applying updates
RP365: 5/17/2013 2:16:53 PM - HPSF Applying updates
RP366: 5/18/2013 9:30:14 AM - Windows Backup
RP367: 5/29/2013 7:50:49 AM - Windows Update
RP368: 5/30/2013 12:08:11 AM - Windows Update
RP369: 5/30/2013 12:40:00 PM - Installed Myst Masterpiece Edition
RP370: 5/30/2013 1:01:22 PM - Removed Myst Masterpiece Edition
RP371: 5/30/2013 4:01:09 PM - Installed Myst III: Exile
RP372: 5/31/2013 10:59:56 AM - Removed Skype™ 4.2
RP373: 5/31/2013 2:17:32 PM - Installed HP ENVY Guides.
RP374: 5/31/2013 3:26:02 PM - Windows Update
RP375: 5/31/2013 4:46:41 PM - Installed Java 7 Update 21 (64-bit)
RP376: 5/31/2013 4:56:24 PM - Removed Java 7 Update 13
RP377: 5/31/2013 4:58:01 PM - Removed Java SE Development Kit 7 Update 11 (64-bit)
RP378: 5/31/2013 5:03:59 PM - Removed Adobe Shockwave Player 11.5.
RP379: 5/31/2013 5:09:07 PM - Removed Adobe Shockwave Player 11.5.
RP380: 5/31/2013 6:18:08 PM - Windows Backup
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6400_Help
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bing Bar
Bing Rewards Client Installer
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom 2070 Bluetooth 3.0
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CyberLink DVD Suite
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Dragon NaturallySpeaking 12
Dramatica Pro
Elements 9 Organizer
Elements STI Installer
ESU for Microsoft Windows 7
Fax
Fences Pro
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
honestech VHS to DVD 5.0 Deluxe
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Documentation
HP ENVY Document Card Utilities
HP ENVY Guides
HP Imaging Device Functions 13.0
HP MovieStore
HP OfficeJet J6400
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Smart Web Printing 4.51
HP Software Framework
HP Solution Center 13.0
HP Support Assistant
HP Update
HP Wireless Assistant
HPDiagnosticAlert
HPProductAssistant
IDT Audio
Inkscape 0.48.4
Intel Digital Logo
Intel PROSet Wireless
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
iTunes
J6400
Java 7 Update 21 (64-bit)
Java SE Development Kit 7 Update 11 (64-bit)
Java(TM) 6 Update 38 (64-bit)
Junk Mail filter update
LogonStudio
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Myst III: Exile
Network64
Norton Internet Security
OCR Software by I.R.I.S. 13.0
Pandora
Power2Go
ProductContext
PX Profile Update
Quicken 2011
QuickTime
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
Sony Sound Forge Audio Studio 9.0
Stardock MyColors
Status
swMSM
Synaptics Pointing Device Driver
Thunder
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 wcoiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmdiper
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2009 wvaiper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmdiper
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnciper
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 VIDBOX NW03
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Web Designer Premium 9 Update
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Writer's Café 2.34
Xara Web Designer 9 Premium
Xara Web Designer 9 Premium (Content Pack)
Xtranormal State
Xtranormal State - Showpak-Beiges
Xtranormal State - Showpak-FM-Preview
Xtranormal State - Showpak-FMHIST
Xtranormal State - Showpak-PlaygozPresidents
Xtranormal State - Showpak-STA1
Xtranormal State - Showpak-SUT
Xtranormal State - Showpak-THN
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-British-Graham22k
Xtranormal State - Voicepack-British-Lucy22k
Xtranormal State - Voicepack-USEnglish-Heather22k
Xtranormal State - Voicepack-USEnglish-Ryan22k
.
==== Event Viewer Messages From Past Week ========
.
6/1/2013 7:40:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
6/1/2013 7:40:53 AM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2013 7:38:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
5/31/2013 9:57:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
5/31/2013 5:58:23 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
5/31/2013 5:50:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/31/2013 5:49:46 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
5/31/2013 5:49:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SymNetS vpcvmm Wanarpv6
5/29/2013 7:16:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 101.4.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.9402.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/29/2013 7:16:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/29/2013 7:16:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/29/2013 7:16:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/29/2013 7:06:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 101.4.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.9402.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/29/2013 7:06:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/29/2013 7:06:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/29/2013 7:06:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.300.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
.
==== End Of File ===========================

============= GMER scan =================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-01 14:34:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 1192.34GB
Running: d9q8ceiu.exe; Driver: C:\Users\Eric\AppData\Local\Temp\pwliipow.sys


---- User code sections - GMER 2.1 ----

? C:\Windows\system32\mssprxy.dll [2472] entry point in ".rdata" section 0000000064bf71e6
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[5100] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001001902f4
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[5100] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100140e6e
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a42a9d1}
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5116] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 000000010029059e
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a5aa9d1}
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4640] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 000000010024059e
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100240210
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100240048
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a55a9d1}
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002403d8
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010024012c
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002402f4
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[508] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010024091c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100240048
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002402ee
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002404b2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002409fe
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100240ae0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010024012a
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100240758
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100240676
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002403d0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100240594
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010024083a
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010024020c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100240f52
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100250210
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100250048
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a56a9d1}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100240ca6
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002503d8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010025012c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002502f4
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100240e6e
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1484] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001002504bc
.text C:\Windows\SysWOW64\RunDll32.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4896] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a5aa9d1}
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 000000010029059e
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010044091c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100440048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001004402ee
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001004404b2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001004409fe
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100440ae0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010044012a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100440758
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100440676
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001004403d0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100440594
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010044083a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010044020c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001004504bc
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100440f52
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100450210
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100450048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a76a9d1}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100440ca6
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001004503d8
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010045012c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001004502f4
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100440e6e
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010038091c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100380048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001003802ee
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001003804b2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001003809fe
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100380ae0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010038012a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100380758
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100380676
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001003803d0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100380594
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010038083a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010038020c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001003904bc
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100380f52
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100390210
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100390048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a6aa9d1}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100380ca6
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001003903d8
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010039012c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001003902f4
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[4232] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100380e6e
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010024091c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100240048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002402ee
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002404b2
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002409fe
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100240ae0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010024012a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100240758
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100240676
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002403d0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100240594
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010024083a
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010024020c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 000000010031059e
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100240f52
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100310210
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100310048
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a62a9d1}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100240ca6
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001003103d8
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010031012c
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001003102f4
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100240e6e
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100310210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100310048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a62a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001003103d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010031012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001003102f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3992] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001003104bc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 00000001001f091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 00000001001f0048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001001f02ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001001f04b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001001f09fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 00000001001f0ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 00000001001d004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 00000001001f012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 00000001001f0758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 00000001001f0676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001001f03d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 00000001001f0594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 00000001001f083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 00000001001f020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 00000001001f0f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100200210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100200048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a51a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 00000001001f0ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002003d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010020012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002002f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 00000001001f0e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6160] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 000000010020059e
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc90 5 bytes JMP 000000010028091c
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007794fdf4 5 bytes JMP 0000000100280048
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007794fe88 5 bytes JMP 00000001002802ee
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffe4 5 bytes JMP 00000001002804b2
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077950018 5 bytes JMP 00000001002809fe
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077950048 5 bytes JMP 0000000100280ae0
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950064 5 bytes JMP 000000010002004c
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795077c 5 bytes JMP 000000010028012a
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795086c 5 bytes JMP 0000000100280758
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950884 5 bytes JMP 0000000100280676
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950dd4 5 bytes JMP 00000001002803d0
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077951900 5 bytes JMP 0000000100280594
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951bc4 5 bytes JMP 000000010028083a
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077951d50 5 bytes JMP 000000010028020c
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ce524f 7 bytes JMP 0000000100280f52
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ce53d0 7 bytes JMP 0000000100290210
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ce5677 1 byte JMP 0000000100290048
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ce5679 5 bytes {JMP 0xffffffff8a5aa9d1}
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ce589a 7 bytes JMP 0000000100280ca6
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ce5a1d 7 bytes JMP 00000001002903d8
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ce5c9b 7 bytes JMP 000000010029012c
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ce5d87 7 bytes JMP 00000001002902f4
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ce7240 7 bytes JMP 0000000100280e6e
.text C:\Users\Eric\Desktop\d9q8ceiu.exe[6964] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000759a1492 7 bytes JMP 00000001002904bc

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{06ACDBD7-B507-43E6-9129-C7A610077885}\Connection@Name isatap.{340A5E85-79D2-4ADC-960E-F38908DC52F7}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{56630E69-0253-420D-A956-BA1E47FB06F2}\Connection@Name isatap.{93D6A9CE-B6E3-4EBE-BD27-959BA9D40BD0}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BE14118F-8EF0-4841-AC4D-24FA362759D9}?\Device\{A2871953-F5D4-4570-9589-3D8B94E87397}?\Device\{56630E69-0253-420D-A956-BA1E47FB06F2}?\Device\{06ACDBD7-B507-43E6-9129-C7A610077885}?\Device\{9630CB55-6585-4003-9223-DFC8CBB9B6D8}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BE14118F-8EF0-4841-AC4D-24FA362759D9}"?"{A2871953-F5D4-4570-9589-3D8B94E87397}"?"{56630E69-0253-420D-A956-BA1E47FB06F2}"?"{06ACDBD7-B507-43E6-9129-C7A610077885}"?"{9630CB55-6585-4003-9223-DFC8CBB9B6D8}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BE14118F-8EF0-4841-AC4D-24FA362759D9}?\Device\TCPIP6TUNNEL_{A2871953-F5D4-4570-9589-3D8B94E87397}?\Device\TCPIP6TUNNEL_{56630E69-0253-420D-A956-BA1E47FB06F2}?\Device\TCPIP6TUNNEL_{06ACDBD7-B507-43E6-9129-C7A610077885}?\Device\TCPIP6TUNNEL_{9630CB55-6585-4003-9223-DFC8CBB9B6D8}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af7889e0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a8237db75
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{06ACDBD7-B507-43E6-9129-C7A610077885}@InterfaceName isatap.{340A5E85-79D2-4ADC-960E-F38908DC52F7}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{06ACDBD7-B507-43E6-9129-C7A610077885}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{56630E69-0253-420D-A956-BA1E47FB06F2}@InterfaceName isatap.{93D6A9CE-B6E3-4EBE-BD27-959BA9D40BD0}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{56630E69-0253-420D-A956-BA1E47FB06F2}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af7889e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a8237db75 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
