Malicious spyware/virus uninstalled my programs [Closed]


This topic is locked

#1 combatshadow (Member, 10 posts)

Hi, there seems to be some malicious software on my laptop which has messed up the whole system. For the last week, Google Chrome has been acting strange, in that it wasn't letting me view sites opened in other tabs and was hogging a lot of memory. I simply ignored it, thinking it was a problem related to it being an outdated version.

Now, over the past few days, I have realized that almost all the programs and games have uninstalled themselves, leaving most of the shortcuts broken. Most of the applications' folders have vanished and the game folders contain only a few MB of data. Any application that I try to open gives me an error saying that it doesn't exist or that I need to reinstall it. I believe some 50GB+ of data (mostly games like CoH, Steam, AoE etc.) got wiped in the process. Personal data, however, hasn't been affected.

Anyway, so I then tried restoring the system to an earlier point (2 weeks) to see if that helped. Most applications (not games) were restored, but there were still problems running them in most cases, and the laptop felt very buggy/laggy. I then restored again to an older restore point (January) to see if that would solve it, but to no avail. I then restored it back to its original point (basically undoing whatever I had done) and I am back to square one. As of now, I've restored back to the January restore point as some basic programs continue to work, but the system is too buggy.

Please suggest what could be the problem and the fix for it.

Thanks

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hello combatshadow and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Let's see what we can do for you.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3 combatshadow (Topic Starter, Member, 10 posts)

OTL logfile created on: 3/6/2013 7:32:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kailash Gupta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.38% Memory free
7.73 Gb Paging File | 4.54 Gb Available in Paging File | 58.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301.01 Gb Total Space | 234.82 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 150.00 Gb Total Space | 33.37 Gb Free Space | 22.25% Space Free | Partition Type: NTFS

Computer Name: ANKIT-DELLLAPTO | User Name: Kailash Gupta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 19:31:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kailash Gupta\Desktop\OTL.exe
PRC - [2013/03/05 22:07:48 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/03/01 04:38:21 | 001,274,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/17 07:32:48 | 000,443,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/11/16 01:29:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/11/15 08:33:24 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/05/14 09:30:16 | 012,808,192 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\App.exe
PRC - [2011/12/14 17:29:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/04/01 14:15:40 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/04/01 14:15:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/14 01:07:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/06/08 21:19:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 21:19:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 03:07:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 03:04:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/09 19:41:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/01 04:38:19 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/03/01 04:38:18 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
MOD - [2013/03/01 04:38:16 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/03/01 04:37:25 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/03/01 04:37:24 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/03/01 04:37:21 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/11 04:23:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/11 04:23:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/11 04:23:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/08/11 04:23:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll
MOD - [2012/08/11 04:23:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/11 04:23:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/11 04:22:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/08/11 04:22:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/08/11 04:22:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/11 04:22:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/14 09:30:16 | 012,808,192 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\App.exe
MOD - [2012/05/14 09:22:24 | 000,192,512 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfXCommWrapper.dll
MOD - [2012/05/14 09:22:12 | 000,450,560 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfXComm.dll
MOD - [2012/05/14 09:22:02 | 000,061,440 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfCustomization.dll
MOD - [2012/05/14 09:21:52 | 000,102,400 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfWaveLib.dll
MOD - [2012/05/14 09:21:52 | 000,053,248 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfLogService.dll
MOD - [2012/05/14 09:21:50 | 000,040,960 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfRasWrapper.dll
MOD - [2012/05/14 09:21:48 | 000,081,920 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfDeviceHW.dll
MOD - [2012/05/14 09:21:38 | 000,192,512 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfHelper.dll
MOD - [2012/05/14 09:21:38 | 000,013,312 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfSoundPlayLib.dll
MOD - [2012/05/14 09:21:36 | 000,014,336 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfSerialPort.dll
MOD - [2012/05/14 09:21:32 | 000,019,456 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zfThreading.dll
MOD - [2012/04/05 19:31:20 | 000,971,776 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\libxml2.dll
MOD - [2012/04/05 19:31:20 | 000,290,904 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\libxslt.dll
MOD - [2012/04/05 19:31:20 | 000,073,728 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/04/28 10:05:48 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011/10/13 01:39:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 10:40:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 11:43:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/02 23:18:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 19:41:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 16:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/15 09:29:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/17 07:32:48 | 000,443,760 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/11/16 01:29:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/11/15 08:33:24 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/11/15 07:10:58 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/21 04:31:55 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/14 17:29:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/30 16:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/01 14:15:40 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/04/01 14:15:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/14 01:07:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/12 23:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/08 21:19:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 03:07:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 03:04:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 05:37:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files (x86)\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/26 16:34:14 | 000,058,360 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2012/11/15 07:08:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/11/15 07:03:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/29 23:16:14 | 000,028,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/05 19:35:36 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 12:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/10/13 02:26:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/13 02:26:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 01:00:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 05:10:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/12 02:53:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/06/18 10:40:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 21:03:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/06 18:51:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/12 14:25:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/31 01:28:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/18 03:14:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/18 03:03:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/03/18 02:59:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/03 11:43:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 11:43:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 11:43:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/02 23:18:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:40:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 13:30:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/16 01:01:00 | 000,321,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0540Vid.sys -- (V0540Dev)
DRV:64bit: - [2009/06/15 23:36:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 02:07:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 02:05:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/01 23:21:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/08/11 00:48:29 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-671C91E0D56C}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {42C8AE5C-DEF1-4EB5-AA9D-63FEC14B264B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{42C8AE5C-DEF1-4EB5-AA9D-63FEC14B264B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{C6A848AA-DD4C-46C5-BA48-A57BD7BA550D}: "URL" = http://in.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kailash Gupta\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kailash Gupta\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/05 09:25:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/05 09:25:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/05 09:25:43 | 000,000,000 | ---D | M]

[2013/03/05 09:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kailash Gupta\AppData\Roaming\mozilla\Extensions
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\Kailash Gupta\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Kailash Gupta\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/03 11:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kailash Gupta\AppData\Roaming\mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kailash Gupta\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Theme Creator = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.5_0\
CHR - Extension: TooManyTabs for Chrome = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.6_0\
CHR - Extension: Google Drive = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.6_0\
CHR - Extension: Turn Off the Lights = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: YouTube = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.2_0\
CHR - Extension: Session Buddy = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.1.4_0\
CHR - Extension: PanicButton = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Print Selection = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0\
CHR - Extension: AdBlock = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_0\
CHR - Extension: Pixlr Editor = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Poppit = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.2_0\
CHR - Extension: Better History = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11.1_0\
CHR - Extension: Gmail = C:\Users\Kailash Gupta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/19 00:54:30 | 000,001,796 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ade92211-31dc-4775-85c0-75659b099dd3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0540Ext.ax] C:\Windows\SysNative\V0540Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0540Ext.ax] C:\Windows\SysWOW64\V0540Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm File not found
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm File not found
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404FA70E-26D1-44EE-B726-3509D3E78029}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}: DhcpNameServer = 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}: NameServer = 59.185.0.23,59.185.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D521C780-A06A-40A6-890D-B7175F24FBAC}: NameServer = 10.228.65.113 116.202.225.33
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\Shell - "" = AutoRun
O33 - MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\Shell - "" = AutoRun
O33 - MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\Shell - "" = AutoRun
O33 - MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\Shell - "" = AutoRun
O33 - MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\Shell - "" = AutoRun
O33 - MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\Shell - "" = AutoRun
O33 - MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 19:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kailash Gupta\Desktop\OTL.exe
[2013/03/06 18:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBlaze
[2013/03/06 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\MBlaze UI
[2013/03/06 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\Kailash Gupta\AppData\Roaming\Registry Mechanic
[2013/03/06 18:22:28 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2013/03/06 18:22:28 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2013/03/06 18:22:28 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2013/03/06 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2013/03/06 18:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/03/06 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2013/03/06 17:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flickr Uploadr
[2013/03/06 17:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/03/06 17:35:28 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2013/03/06 17:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2013/03/06 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Cutter
[2013/03/06 17:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Cutter
[2013/03/06 17:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/06 17:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/06 17:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/06 17:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/06 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/06 17:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/03/06 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/03/06 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/03/06 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/03/06 13:24:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 13:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/03/06 10:36:56 | 000,000,000 | ---D | C] -- C:\Users\Kailash Gupta\AppData\Roaming\ZTEMTUI
[2013/03/06 09:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/02 08:25:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/02 08:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/06 19:31:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kailash Gupta\Desktop\OTL.exe
[2013/03/06 19:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 19:12:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 19:07:51 | 000,877,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/06 19:07:51 | 000,730,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/06 19:07:51 | 000,146,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/06 19:02:15 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 19:02:15 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 18:58:57 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013/03/06 18:57:12 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3583396835-2195746600-3154891699-1000UA.job
[2013/03/06 18:54:47 | 000,000,442 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/03/06 18:54:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 18:53:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 18:53:45 | 3113,230,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 18:22:29 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2013/03/06 18:01:59 | 004,985,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/06 17:06:16 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/06 11:08:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2013/03/06 10:59:27 | 000,002,285 | ---- | M] () -- C:\Users\Kailash Gupta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/06 10:57:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3583396835-2195746600-3154891699-1000Core.job
[2013/03/05 11:28:46 | 000,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat
[2013/02/20 23:38:15 | 000,144,939 | ---- | M] () -- C:\Users\Kailash Gupta\google wallet.jpg
[2013/02/09 10:08:11 | 000,025,704 | -HS- | M] () -- C:\Users\Kailash Gupta\Folder.jpg
[2013/02/09 10:08:11 | 000,006,137 | -HS- | M] () -- C:\Users\Kailash Gupta\AlbumArtSmall.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/06 18:58:57 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013/03/06 18:22:29 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2013/03/06 18:22:28 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2013/03/06 17:06:16 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/06 09:49:37 | 000,002,285 | ---- | C] () -- C:\Users\Kailash Gupta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/20 23:38:15 | 000,144,939 | ---- | C] () -- C:\Users\Kailash Gupta\google wallet.jpg
[2013/01/22 18:32:59 | 004,464,156 | ---- | C] () -- C:\Users\Kailash Gupta\2pq.mp3
[2012/12/10 23:00:26 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini
[2012/11/20 17:39:10 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012/07/21 02:26:32 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/06/29 12:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Roaming\FileOut.cns
[2012/06/29 12:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Roaming\FileIn.cns
[2012/06/21 13:55:25 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/05/06 12:16:46 | 000,000,064 | -H-- | C] () -- C:\Users\Kailash Gupta\.picasa.ini
[2012/05/04 09:06:30 | 000,069,425 | ---- | C] () -- C:\Users\Kailash Gupta\pnr.jpg
[2012/03/21 02:33:11 | 000,003,584 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/21 21:48:33 | 000,164,862 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012/02/21 21:48:33 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2012/02/01 11:30:02 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/01/22 23:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/01/12 12:37:02 | 000,192,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/20 00:14:09 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/02 04:03:01 | 000,125,480 | ---- | C] () -- C:\Users\Kailash Gupta\CIMG0031.JPG
[2011/10/02 02:00:19 | 000,135,341 | ---- | C] () -- C:\Users\Kailash Gupta\asdfd.jpg
[2011/09/09 18:51:28 | 000,008,945 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{42B614CC-BA78-436D-9369-31D63F1FE39B}_Large.jpg
[2011/09/09 18:51:28 | 000,002,545 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{42B614CC-BA78-436D-9369-31D63F1FE39B}_Small.jpg
[2011/08/31 10:57:19 | 000,599,870 | ---- | C] () -- C:\Users\Kailash Gupta\boarding pass.xps
[2011/08/31 00:56:32 | 000,026,169 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{42AD88BC-AED3-477C-A32D-B5A2BD71EE2F}_Large.jpg
[2011/08/31 00:56:32 | 000,008,322 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{42AD88BC-AED3-477C-A32D-B5A2BD71EE2F}_Small.jpg
[2011/07/31 13:39:15 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/07/31 13:39:15 | 000,090,784 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/07/13 01:28:32 | 000,025,053 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{C51F3C8F-7C82-4C03-964B-4827AF588701}_Large.jpg
[2011/07/13 01:28:32 | 000,006,766 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{C51F3C8F-7C82-4C03-964B-4827AF588701}_Small.jpg
[2011/06/30 12:15:21 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\{7F29D035-F2B9-47CE-8B3D-06D01DA6B34A}
[2011/06/30 09:36:26 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\{CE73FB27-4BF6-496F-BB6A-B7C8BEA4788B}
[2011/06/29 13:57:09 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\{5D933B77-2994-42C4-A8EE-E1EE0A787A42}
[2011/06/26 17:23:39 | 000,011,502 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{B6B94D09-6056-4550-A5EE-98318322B482}_Large.jpg
[2011/06/26 17:23:39 | 000,002,818 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{B6B94D09-6056-4550-A5EE-98318322B482}_Small.jpg
[2011/06/26 17:21:10 | 000,025,704 | -HS- | C] () -- C:\Users\Kailash Gupta\Folder.jpg
[2011/06/26 17:21:10 | 000,007,974 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{1B2DCC8E-2AFE-46B6-A57A-AB6371117827}_Large.jpg
[2011/06/26 17:21:10 | 000,006,137 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArtSmall.jpg
[2011/06/26 17:21:10 | 000,002,334 | -HS- | C] () -- C:\Users\Kailash Gupta\AlbumArt_{1B2DCC8E-2AFE-46B6-A57A-AB6371117827}_Small.jpg
[2011/06/24 17:53:27 | 000,000,003 | ---- | C] () -- C:\Windows\icc.bin
[2011/06/10 18:19:05 | 000,000,000 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\{6608A903-5696-4485-8808-E60BA9AB3C19}
[2011/04/29 22:56:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011/04/29 22:52:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/01 14:15:32 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/01 14:15:17 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/01 14:15:16 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/17 23:21:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/16 14:07:23 | 000,000,101 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\fusioncache.dat
[2010/11/20 13:32:18 | 000,007,603 | ---- | C] () -- C:\Users\Kailash Gupta\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 11:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 10:21:27 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\2K Sports
[2012/07/21 02:36:54 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\AC1
[2013/03/05 09:25:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Ashisoft
[2013/03/05 09:25:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Audacity
[2012/01/06 15:28:33 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\AVG
[2013/03/05 09:25:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Azureus
[2012/06/15 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Babylon
[2012/04/22 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2013/03/05 09:14:13 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Command and Conquer 4
[2012/06/21 22:19:36 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\dBpoweramp
[2011/04/01 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\DMCache
[2013/03/05 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Dropbox
[2013/03/05 09:14:15 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Flickr
[2012/10/02 00:19:47 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Foxit Software
[2013/01/05 17:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\go
[2011/10/19 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Jaksta Streaming Media Recorder
[2013/03/05 09:25:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Kalypso Media
[2013/03/05 09:25:42 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\KastorAllVideoDownloader
[2013/03/05 09:14:15 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Key Metric Software
[2013/03/05 09:14:15 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Leadertech
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\muvee Technologies
[2011/09/30 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Neoretix
[2011/12/24 23:44:25 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Nokia
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\OpenCandy
[2012/04/28 20:03:28 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\PC Remote
[2011/12/24 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\PC Suite
[2013/03/05 09:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\PCDr
[2012/12/18 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\PerformerSoft
[2011/01/16 16:19:57 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\PlayFirst
[2012/07/21 02:26:28 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Reasonable Software House Ltd
[2013/03/06 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Registry Mechanic
[2012/04/28 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Rovio
[2013/03/06 11:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Samsung
[2013/03/06 10:52:16 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Similarity
[2012/12/18 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\SpecialSavings
[2013/03/05 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Sports Interactive
[2012/12/18 16:23:44 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\StatusWinks
[2012/08/10 02:17:14 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\TuneUp Software
[2013/03/06 10:51:30 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\TuneUpMedia
[2012/06/15 11:52:05 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\Ubisoft
[2013/03/05 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\URSoft
[2013/03/06 12:56:55 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\uTorrent
[2011/06/03 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\ViGlance
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\VS Revo Group
[2010/11/03 09:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\WildTangent
[2013/03/05 09:25:43 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\XXXDownloader
[2013/03/06 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\ZTEEVDO
[2013/03/06 10:36:56 | 000,000,000 | ---D | M] -- C:\Users\Kailash Gupta\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 10:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 11:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 11:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 11:44:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 07:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 07:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
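The three sections of the log that a helper reads first are the ZeroAccess Check (per-user COM overrides for the CLSIDs that shell32.dll, fastprox.dll and wbemess.dll register), the "MD5 for:" custom scans (live copies of explorer, services, svchost, userinit and winlogon hashed against the WinSxS copies) and the Alternate Data Streams list. The script below is an added example, not part of the thread and not OTL's own code; it reproduces those three checks with stock PowerShell. Assumptions: a 64-bit, elevated PowerShell 4.0 or later prompt (needed for Get-FileHash and -Stream; Windows 7 SP1 ships with 2.0), and that the expected HKLM targets for the three CLSIDs are the ones the log itself shows.

```powershell
# Added example: reproduce OTL's ZeroAccess, MD5 and ADS checks by hand.
# Assumes 64-bit elevated PowerShell 4.0+ (Get-FileHash, Get-Item -Stream).

# 1. COM hijack check. HKCU\Software\Classes is consulted before HKLM, so a
#    per-user InProcServer32 for one of these CLSIDs redirects every process
#    that instantiates them. A clean machine has no HKCU key at all (the log
#    lists those keys with no values). Expected HKLM targets are the DLL names
#    the log shows for each CLSID.
$clsids = @{
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}' = 'shell32.dll'
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = 'wbem\fastprox.dll'
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}' = 'wbem\wbemess.dll'
}
foreach ($clsid in $clsids.Keys) {
    foreach ($hive in 'HKCU:\Software\Classes\CLSID', 'HKCU:\Software\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $hive "$clsid\InProcServer32"
        if (Test-Path $key) {
            $target = (Get-ItemProperty -Path $key).'(default)'
            "[!] per-user COM override: $key -> $target"
        }
    }
    foreach ($hive in 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Wow6432Node\Classes\CLSID') {
        $key = Join-Path $hive "$clsid\InProcServer32"
        if (-not (Test-Path $key)) { continue }
        $raw    = (Get-ItemProperty -Path $key).'(default)'
        $target = [Environment]::ExpandEnvironmentVariables($raw)
        # Only the file name is compared; a 64-bit shell resolves the
        # Wow6432Node entry's system32 path to the native DLL, which is fine here.
        $flag = if ($target -like ('*\' + $clsids[$clsid])) { '[ok]' } else { '[!] unexpected target' }
        "$flag $key -> $target"
    }
}

# 2. OTL's "MD5 for:" scan. Hash each live binary and every copy the servicing
#    stack keeps in WinSxS; a live file matching none of them was not put
#    there by Windows Update. The recursive WinSxS walk takes a few minutes.
$binaries = 'explorer.exe', 'services.exe', 'svchost.exe', 'userinit.exe', 'winlogon.exe'
$sxs = Get-ChildItem -Path "$env:SystemRoot\winsxs" -Recurse -Include $binaries -ErrorAction SilentlyContinue
foreach ($name in $binaries) {
    $known = $sxs | Where-Object Name -eq $name |
             ForEach-Object { (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash }
    foreach ($dir in $env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
        $live = Join-Path $dir $name
        if (-not (Test-Path $live)) { continue }
        $hash = (Get-FileHash -Path $live -Algorithm MD5).Hash
        $flag = if ($known -contains $hash) { '[ok]' } else { '[!] no WinSxS match' }
        "$flag $live MD5=$hash"
    }
}

# 3. Alternate Data Streams under C:\ProgramData, where the log found six on
#    the TEMP directory. Zone.Identifier is the ordinary "downloaded file"
#    marker; every other named stream is printed with its first line so its
#    content can be judged rather than guessed at.
Get-ChildItem -Path 'C:\ProgramData' -Force -ErrorAction SilentlyContinue |
    Get-Item -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
    ForEach-Object {
        'ADS {0} bytes -> {1}:{2}' -f $_.Length, $_.FileName, $_.Stream
        Get-Content -Path $_.FileName -Stream $_.Stream -ErrorAction SilentlyContinue | Select-Object -First 1
    }
```

The script only reports; it deletes nothing. Lines marked `[!]` are leads to investigate, not verdicts: a `no WinSxS match` can also come from a hotfix whose component was later pruned, so confirm with the file's catalog signature or a known-good copy from an identical build before treating it as tampered.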
#4 combatshadow (Member, Topic Starter, 10 posts)
OTL Extras logfile created on: 3/6/2013 7:32:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kailash Gupta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.38% Memory free
7.73 Gb Paging File | 4.54 Gb Available in Paging File | 58.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 301.01 Gb Total Space | 234.82 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 150.00 Gb Total Space | 33.37 Gb Free Space | 22.25% Space Free | Partition Type: NTFS

Computer Name: ANKIT-DELLLAPTO | User Name: Kailash Gupta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1284D394-BEF8-4B29-B276-49D14E3FF18F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{12BB67DC-8FDC-478D-9A16-14E7DFFB4669}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{13DD0CDE-3F5C-43D3-8DB1-D9337BE76C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1672F13D-B4D5-4DC2-9559-772FA33B284A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19FC3BED-2DE4-45A0-9891-95120AB1FFE1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{229BCF06-D769-4477-9DB8-CDD72A425C72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{26DAC262-D592-448B-A647-F538DD82CDBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2865E504-055B-4822-B91A-D47950E786D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A8D5F38-4B02-4354-909A-96078567EAD8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3ACC860C-025E-42ED-8420-186CBD92675C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{463D5A30-088C-4B0D-859A-C6FBB2043B35}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B56C5F0-EDB1-4ABE-8151-77A794FA978E}" = lport=139 | protocol=6 | dir=in | app=system |
"{50908342-00C5-41D5-9AFB-80B7BAE8A0DD}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5E7D3FC9-507D-4462-A36C-F9AD04553CAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{73288368-56F4-4E62-A8B2-4DC2926BFB08}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{73F30BBE-F186-4FFE-8C0B-BE2312A162EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{774835F7-8637-4590-B936-80B8339CFF0D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B9BC954-D15F-4BE7-B8EF-08F7787FB18F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CCE2216-1625-4494-9289-E1E9B48D84A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D5C5593-664E-4D2F-A5D2-9D1E18CAAF42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F37A9B5-C140-4047-B98E-8BBAC7EF7A35}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{84D79F7E-FEC1-4F1C-AD49-DAEF9FAE4497}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87C4FD51-A93A-4118-A181-AA17140B24BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B214F47-5042-4354-9699-6E2F1AAA0792}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F5E2F27-2252-41C6-8E89-F0B7C26BDF62}" = rport=137 | protocol=17 | dir=out | app=system |
"{9631ADAE-F4A5-4D39-ACB0-8B94EEA061D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AB2DC88-F929-4C72-ACAA-BAD3089BAEF7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CDB1D3B-C410-4BAB-B2F2-6F8B13C19C19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A54085D5-29C8-4FB7-AA7F-D2D04630C20A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE28471A-673D-4F54-8ADB-B64634264DFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBFDB225-30B9-4E82-8983-0819227748AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DF31AD38-501C-4CFA-9029-27E8F43160EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{E1452ABA-7ADD-41AD-8EEB-6808B500F0C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E8CF4CF2-4A53-4B89-98BC-7837A74FD256}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBFAFE4F-E15F-4C82-97B1-656521C4F45B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEC617C4-D4D6-46D5-A894-FDA478FB9F76}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF440246-7CC1-49BF-81C6-600D833370B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F29AAB40-B842-4DD2-942E-E1267F1FD77B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F831C865-6244-4144-A831-7B82FD8B5761}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB2D1A33-5507-4BB5-A8CD-8C1CE8FECAFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC3812D8-59FE-4A9E-A46C-C29BE5EF2A16}" = lport=8732 | protocol=6 | dir=in | name=filesuploadservice |
"{FD5B1E48-6747-4524-9921-84201E5C2423}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108CC56-E1B5-480A-94BD-65035161DE38}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{01E17C85-EF6C-4733-93F8-C0F8ED771835}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0784F654-B1D4-408C-BFE4-32D95A8A420F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AA8F32A-1584-448C-A2B2-983ECF228649}" = dir=in | app=c:\users\kailash gupta\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{0B03FC86-64CF-43C9-A322-9B9508DD397B}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{0C501F18-40BF-42A5-82DB-18920C4DAC69}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{1011ED53-2381-4BA3-8DC1-FB227210B6AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1141F460-B029-41B5-9BA4-03E3B92AB8A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{130E93E1-FB5C-41BF-8671-7E65D4710EAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{137290A8-34C5-4B99-AA5A-CB246F04C690}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{143D8686-EEE6-4D85-B6FA-FEDE38F58707}" = protocol=6 | dir=in | app=c:\users\kailash gupta\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{16C38A4B-17CF-4CBA-A749-3F4E92574EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{17F9164A-B47E-4B64-8C96-5C606D3CCEF2}" = protocol=1 | dir=in | [email protected],-28543 |
"{19EA2791-0F29-4D90-95D0-F2C71FFEF2D2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A3830EC-8D54-491F-B912-069055D7B45A}" = protocol=6 | dir=out | app=system |
"{1D315604-76D1-4A2B-98F5-3D745639F457}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{246FB3B6-313F-4FE1-B677-575AF5865C58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{265C9517-D06D-4BA8-A422-2F9483A79413}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2C77E12A-5759-4861-8913-B86259C9733C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E7BBB21-2613-4670-94BA-9892A5DF5609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3435AF6C-B13C-41C1-83F3-96375AF24175}" = protocol=58 | dir=in | [email protected],-148 |
"{3E91A227-2B57-47C5-A167-0B252E8A8D39}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{3F0E2E0D-0F54-4513-89F7-B4A9C9C4A181}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{4233CA04-B85F-4A73-AEAD-B576BF034E8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4CD07E67-CCFD-49DC-8EB5-6BDC97FC4B3C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{539A47EB-80B5-416E-AA0C-CB5309093D2E}" = protocol=6 | dir=out | app=system |
"{5C18B7F1-6C94-4528-83A0-492FDDC15C2E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5E408BA2-A0B5-4518-B676-D1B247AB0D19}" = protocol=17 | dir=in | app=c:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe |
"{60B8009F-69B0-453E-81F7-8F3C09C4BBF5}" = protocol=6 | dir=in | app=c:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe |
"{64EA6B00-2FDE-494A-9CC4-B1FD6F105D29}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{686F0EBC-15C6-48CC-A842-620EBF711AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6DFB9601-6E63-4894-8679-A07B46634F6B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{70B3C40E-CD7B-427A-9C14-06E11D5EEE1D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7789CD6E-21E8-4770-99B2-D3D59866AE6C}" = protocol=6 | dir=out | app=system |
"{7C1639E1-9EF8-41D4-A9B0-7CF479A434FE}" = protocol=58 | dir=in | [email protected],-28545 |
"{7E5E383E-CC4D-45FB-A517-F83791F51FD0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83F01B76-2D71-4802-83F0-BC43756EA01E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{90B8D8D7-3E24-4757-B2FD-F08A8E71EC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{920921B6-B1EC-404C-8F27-17BB0CCBF477}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{97C8A970-659A-487C-A8BF-6E40FC0B24F2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9E149160-5179-4E30-824B-970D483A2976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2256CCD-3D71-42DD-8FE7-32E80D3F3EAD}" = protocol=6 | dir=in | app=c:\users\kailash gupta\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A4E61F4D-3DBB-417B-988C-4B2BC2DCAD9D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AB9FD82E-CD84-48B2-8E5B-65DC1A11A908}" = protocol=6 | dir=in | app=c:\users\kailash gupta\appdata\local\microsoft\skydrive\skydrive.exe |
"{AFBA341F-54DE-4A16-A0C3-CE9066D37E9D}" = protocol=17 | dir=in | app=c:\users\kailash gupta\appdata\local\microsoft\skydrive\skydrive.exe |
"{AFD1C9B0-3DC6-4352-8F96-AD38F824F2A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B240369D-D663-4B01-A82B-846A4AE46802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE975A22-7AD0-41C0-8D34-8ACDEA7F8F2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C1912604-FC06-431B-AD58-FE6969697F0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C376A6D4-2445-40C2-B476-6271F4BD31C9}" = protocol=58 | dir=out | [email protected],-28546 |
"{D0718984-5EB7-41EA-B331-E0E00B3C7763}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D148B9B6-2F1F-4ECE-B4CA-CCF23A765A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D7EBEBD3-67E1-4833-B6DB-E93975C579D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DA8F82B2-35E0-48F8-95F1-97E3AE7CC4F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD6D8C62-A78B-4878-BFA6-EF884F6ED49A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E2586AFF-2FBA-44EE-B447-BDC760FDC536}" = protocol=1 | dir=out | [email protected],-28544 |
"{E46087C1-B044-4857-B1B8-16E8AA669C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8618D4C-254F-49ED-94E4-B842403DD3F2}" = protocol=17 | dir=in | app=c:\users\kailash gupta\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E9C4DEFB-6043-46F2-BCC1-E941A6E165AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{EED715C4-1B0D-413D-9216-3F7DCE6B1E40}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{F04DE2B4-3F1F-4566-AD2C-3B3738001F93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2EE7B74-698D-487B-8863-D3096A6DAF34}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F5F57374-F12F-4089-BF35-2AEF4D6EFF25}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9C50E82-C132-4685-98AC-B2A8D2F6C313}" = protocol=17 | dir=in | app=c:\users\kailash gupta\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FB1DFA62-8FFB-41F5-8F2E-F68FF00BBF2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBD24E53-F79A-4386-9097-56532F7E5F11}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{FC0FAA9C-295B-48D2-82D7-F7B4EFA4ACF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD9707E2-7C31-4407-80D1-5B076D046164}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1537111B-97C0-4A44-9757-C3A1F1CB4859}C:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{158C79EF-D49C-4EF5-B38E-057E46CA0F87}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{2569D742-5B03-4FE2-A54D-8AE6630157EC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{3B559E57-5AE8-4DF4-8D59-89C88893B4D2}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{4665AF76-7A27-4E70-BCA0-75FFFCB21A97}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{52EACBCA-A1DB-45D4-8E70-617239E3FD39}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{8A74AB17-AEE9-4E01-9ED6-280164F88EB0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{982A7C1B-6E1A-49C5-84B8-F5E56816CB34}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{F4584E1B-9CDF-4A0C-A80D-B5E3B9C412ED}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"UDP Query User{27EE4505-1B3F-4651-B130-F6430FC6BEF5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{3F283F17-0A3B-42CD-ABBB-FBD80CE6C0DD}C:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kailash gupta\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{684B6BA8-487D-4E5F-BDF7-A6D526BF6BB5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{7B60ECE3-2BAF-47C3-A3DE-176FEB3CE0DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{7CA41C28-1C45-4773-A666-662A5026459D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{7E449B6B-EB05-4061-A589-1699C067FB04}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{7FC733E9-7C44-46E3-AB11-DE97B9FC33CE}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe |
"UDP Query User{D22EB9CD-4715-4B31-A6D8-82016D0D5A32}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{EF7D85C9-9A31-4ED0-A354-A4C334A90E26}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416018F0}" = Java™ 6 Update 18 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D90C794-8E0C-B534-5911-A275777709F7}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{765879BD-1A62-F2C4-A5FE-67EF9B6310F1}" = ccc-utility64
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{94CBEA74-DE51-FE55-8A0E-CFB5FC970517}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"CCleaner" = CCleaner
"Creative VF0540" = Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NetWorx_is1" = NetWorx 5.2.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZTEWireless-101_is1" = MBlaze UI
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70DC8913-5212-4936-AC8C-B366F55045CF}" = Maryfi - English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"DFX" = DFX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 2.78
"MP3 Cutter_is1" = MP3 Cutter 1.1.1
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Registry Mechanic_is1" = Registry Mechanic 10.0
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = GameXN GO
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 517
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery failed with
error -551 because it encountered references to a database, 'C:\Windows\SoftwareDistribution\DataStore\DataStore.edb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 454
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -551.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 517
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery failed with
error -551 because it encountered references to a database, 'C:\Windows\SoftwareDistribution\DataStore\DataStore.edb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 454
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -551.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 517
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery failed with
error -551 because it encountered references to a database, 'C:\Windows\SoftwareDistribution\DataStore\DataStore.edb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 454
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -551.

Error - 3/6/2013 9:55:40 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 517
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery failed with
error -551 because it encountered references to a database, 'C:\Windows\SoftwareDistribution\DataStore\DataStore.edb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 3/6/2013 9:55:40 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 454
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -551.

Error - 3/6/2013 9:55:40 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 517
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery failed with
error -551 because it encountered references to a database, 'C:\Windows\SoftwareDistribution\DataStore\DataStore.edb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 3/6/2013 9:55:40 AM | Computer Name = Ankit-DellLapto | Source = ESENT | ID = 454
Description = wuaueng.dll (696) SUS20ClientDataStore: Database recovery/restore
failed with unexpected error -551.

[ Broadcom Wireless LAN Events ]
Error - 2/4/2013 3:15:53 AM | Computer Name = Ankit-DellLapto | Source = WLAN-Tray | ID = 0
Description = 12:45:50, Mon, Feb 04, 13 Error - Unable to gain access to user store


Error - 2/10/2013 11:05:55 PM | Computer Name = Ankit-DellLapto | Source = WLAN-Tray | ID = 0
Description = 08:35:52, Mon, Feb 11, 13 Error - Unable to gain access to user store


[ Cool Remote Server Events ]
Error - 6/10/2012 10:27:06 AM | Computer Name = Ankit-DellLapto | Source = WebServer.exe | ID = 200
Description = User: SYSTEM Session: 0 Process: 7320 Http socket port (80) is unavailable.
Change the socket port to (81)

Error - 6/10/2012 10:27:06 AM | Computer Name = Ankit-DellLapto | Source = WebServer.exe | ID = 200
Description = User: SYSTEM Session: 1 Process: 2452 Http socket port (80) is unavailable.
Change the socket port to (81)

Error - 6/10/2012 10:27:22 AM | Computer Name = Ankit-DellLapto | Source = WebServer.exe | ID = 200
Description = User: SYSTEM Session: 0 Process: 4412 Silverlight socket policy port
is unavailable. (943)

Error - 6/10/2012 10:27:22 AM | Computer Name = Ankit-DellLapto | Source = WebServer.exe | ID = 200
Description = User: SYSTEM Session: 0 Process: 4412 Http socket port (80) is unavailable.
Change the socket port to (82)

Error - 6/10/2012 10:27:22 AM | Computer Name = Ankit-DellLapto | Source = WebServer.exe | ID = 200
Description = User: SYSTEM Session: 0 Process: 4412 udp socket port (8081) is unavailable.
Change the port to (8082)

[ Dell Events ]
Error - 2/3/2013 1:19:45 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2013 11:06:37 PM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2013 11:06:37 PM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/16/2013 5:45:48 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/16/2013 5:45:48 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/19/2013 12:56:02 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/19/2013 12:56:02 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/20/2013 2:03:56 PM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/20/2013 2:03:56 PM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/25/2013 9:51:24 AM | Computer Name = Ankit-DellLapto | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 10/3/2012 1:37:46 AM | Computer Name = Ankit-DellLapto | Source = MCUpdate | ID = 0
Description = 11:07:24 AM - Error connecting to the internet. 11:07:24 AM - Unable
to contact server..

Error - 10/5/2012 4:19:13 AM | Computer Name = Ankit-DellLapto | Source = MCUpdate | ID = 0
Description = 1:49:06 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 10/9/2012 5:43:28 PM | Computer Name = Ankit-DellLapto | Source = MCUpdate | ID = 0
Description = 3:13:28 AM - Error connecting to the internet. 3:13:28 AM - Unable
to contact server..

Error - 10/9/2012 5:43:50 PM | Computer Name = Ankit-DellLapto | Source = MCUpdate | ID = 0
Description = 3:13:34 AM - Error connecting to the internet. 3:13:34 AM - Unable
to contact server..

[ System Events ]
Error - 3/6/2013 9:30:05 AM | Computer Name = Ankit-DellLapto | Source = ipnathlp | ID = 31004
Description =

Error - 3/6/2013 9:33:18 AM | Computer Name = Ankit-DellLapto | Source = ipnathlp | ID = 31004
Description =

Error - 3/6/2013 9:34:22 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000227 Error
description: Profiling not stopped.

Error - 3/6/2013 9:34:28 AM | Computer Name = Ankit-DellLapto | Source = ipnathlp | ID = 31004
Description =

Error - 3/6/2013 9:35:35 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072efe Error description: The
connection with the server was terminated abnormally

Error - 3/6/2013 9:35:35 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072efe Error description: The
connection with the server was terminated abnormally

Error - 3/6/2013 9:49:49 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000227 Error
description: Profiling not stopped.

Error - 3/6/2013 9:54:03 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000227 Error
description: Profiling not stopped.

Error - 3/6/2013 10:07:55 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072efe Error description: The
connection with the server was terminated abnormally

Error - 3/6/2013 10:07:55 AM | Computer Name = Ankit-DellLapto | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3771.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072efe Error description: The
connection with the server was terminated abnormally


< End of report >

#5
combatshadow

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-06 23:54:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: t9h114qx.exe; Driver: C:\Users\KAILAS~1\AppData\Local\Temp\fxeyiuog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0x27f228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0x27f268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0x27f1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0x27f128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0x27f328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0x27f368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0x27f2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0x27f2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0x27f068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0x27f0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0x27f028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0x27f1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0x27f168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0x27f0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0xcb0a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0xcb0a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0xcb09a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0xcb0928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0xcb0b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0xcb0b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0xcb0ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0xcb0aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0xcb0868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0xcb08a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0xcb0828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0xcb09e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0xcb0968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0xcb08e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0xb97228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0xb97268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0xb971a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0xb97128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0xb97328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0xb97368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0xb972e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0xb972a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0xb97068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0xb970a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0xb97028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0xb971e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0xb97168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0xb970e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0x108aa28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0x108aa68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0x108a9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0x108a928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0x108ab28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0x108ab68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0x108aae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0x108aaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0x108a868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0x108a8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0x108a828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0x108a9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0x108a968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0x108a8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0xcfea28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0xcfea68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0xcfe9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0xcfe928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0xcfeb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0xcfeb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0xcfeae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0xcfeaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0xcfe868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0xcfe8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0xcfe828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0xcfe9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0xcfe968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0xcfe8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0x53b628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0x53b668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0x53b5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0x53b528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0x53b728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0x53b768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0x53b6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0x53b6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0x53b468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0x53b4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0x53b428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0x53b5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0x53b568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0x53b4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bdf991 7 bytes {MOV EDX, 0xf2a228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bdfbd5 7 bytes {MOV EDX, 0xf2a268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bdfc05 7 bytes {MOV EDX, 0xf2a1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bdfc1d 7 bytes {MOV EDX, 0xf2a128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bdfc35 7 bytes {MOV EDX, 0xf2a328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bdfc65 7 bytes {MOV EDX, 0xf2a368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bdfce5 7 bytes {MOV EDX, 0xf2a2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bdfcfd 7 bytes {MOV EDX, 0xf2a2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bdfd49 7 bytes {MOV EDX, 0xf2a068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bdfe41 7 bytes {MOV EDX, 0xf2a0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077be0099 7 bytes {MOV EDX, 0xf2a028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077be10a5 7 bytes {MOV EDX, 0xf2a1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077be111d 7 bytes {MOV EDX, 0xf2a168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077be1321 7 bytes {MOV EDX, 0xf2a0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!memset] [5f20c48348382474]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll![email protected][email protected]] [90909090909006eb]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscpy_s] [245489182444894c]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscat_s] [565308244c894810]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_purecall] [140ec814857]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll![email protected]@Z] [1bbf18b48fa8b]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!malloc] [158920245c890000]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!free] [840fd28500002dfc]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll![email protected][email protected]] [f01fa8300000226]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcsncpy_s] [58b480000022e85]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__CxxFrameHandler3] [fc08548000033cc]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_XcptFilter] [74db850000038985]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_initterm] [17024848b4c1a]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_amsg_exit] [cde8ce8b48d78b00]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_unlock] [244489d88bfffffd]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__dllonexit] [4c3874db8500eb20]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_lock] [8b0000017024848b]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_onexit] [4fe8ce8b48d7]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!realloc] [eb20244489d88b00]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_errno] [db85087501ff8300]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll![email protected]@[email protected]] [ff85000003ad840f]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!memcpy_s] [ff83000001db840f]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll![email protected]@Z] [c7000001d2840f03]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_CxxThrowException] [ffffff00002d7705]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenServiceW] [9090909090909090]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenSCManagerW] [9090909090909090]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!CloseServiceHandle] [6c894808245c8948]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegSetValueExW] [5541544157561024]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCloseKey] [db3320ec83485641]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegEnumKeyExW] [d33be98b4ce08b4d]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegOpenKeyExW] [1bf000000c0840f]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegDeleteValueW] [36850fd73b000000]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegQueryInfoKeyW] [25048b4865000001]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCreateKeyExW] [8b48eb8b00000030]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!QueryServiceStatus] [48f0c03300eb0870]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentThreadId] [8b00eb000004ef85]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetTickCount] [fc33b00002fa305]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!QueryPerformanceCounter] [358d48000004fc85]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!Sleep] [ed358d4c000020e4]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcessId] [2f873d89000020]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetVersionExA] [2373f63b49c38b00]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!lstrcmpiW] [274cb3b480e8b48]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [3b4908c68348d1ff]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!TerminateProcess] [9a850fc33be572f6]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcess] [209e158d48000004]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!UnhandledExceptionFilter] [208f0d8d480000]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [5c70000024ae800]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlVirtualUnwind] [200002f40]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlLookupFunctionEntry] [48c38b480a75eb3b]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlCaptureContext] [394800002f220587]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!OutputDebugStringA] [95850f000035131d]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetLastError] [2f1b3d01000004]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FindResourceW] [58b00000083e900]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FreeLibrary] [8e0fc33b00002f10]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadResource] [2b017b8d00000449]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryExW] [eb00002efd0589c7]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleHandleW] [3db10f48f0c03300]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryW] [2ee8058b0000]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SizeofResource] [3fa850f02f883]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleFileNameW] [358b482d74eb3b48]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!MultiByteToWideChar] [f8c6834800002eec]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!lstrlenW] [e7830ff53b4800eb]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RaiseException] [15ffcd8b48000003]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!DisableThreadLibraryCalls] [cd1d894800001eb4]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetProcAddress] [2ece1d894800002e]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemFree] [9090c35b5e5f0000]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!StringFromGUID2] [9090909090909090]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemRealloc] [9090909090909090]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoCreateInstance] [7501fa8328ec8348]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemAlloc] [2d680d89480d]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!UnregisterClassA] [83f18b48da8bf88b]
IAT C:\Windows\system32\svchost.exe[696] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!CharNextW] [15fe8057501fa]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4ce529ad
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x95 0x2F 0x28 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4ce529ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x95 0x2F 0x28 0x8B ...

---- EOF - GMER 2.1 ----
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi combatshadow,

Step 1

NOTE: This fix is custom-made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\Shell - "" = AutoRun
    O33 - MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
    O33 - MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\Shell - "" = AutoRun
    O33 - MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\Shell - "" = AutoRun
    O33 - MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
    [2013/03/06 10:36:56 | 000,000,000 | ---D | C] -- C:\Users\Kailash Gupta\AppData\Roaming\ZTEMTUI

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the Report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
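The O33 lines in the fix above are Explorer's per-user cache of removable-volume AutoRun handlers, kept under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2. Each volume GUID or drive-letter subkey records what that volume's autorun.inf asked for, and Shell\AutoRun\command is the command Explorer associated with double-clicking the drive. Windows 7 ignores autorun.inf on non-optical media, so on a patched machine these are mostly stale entries left behind by every USB stick or card that once carried an autorun.inf, but they are still worth auditing: they tell you which removable media carried an autorun payload, and the OTL fix removes them one key at a time. The PowerShell script below is an added example, not code from the thread or from OTL. It walks every MountPoints2 volume key, lists any verb commands it finds, checks whether the target executable is reachable right now, and with -Remove deletes the affected volume keys the way the O33 fix does (-WhatIf is honoured). The script file name used in the usage note is hypothetical.

```powershell
<#
  Added example, not from the original thread or from OTL: audit the per-user
  MountPoints2 cache of removable-volume AutoRun handlers and optionally delete
  the volume keys that carry one. Run it as the affected user; HKCU is per-user.
  Assumption: the layout is the Windows 7 one seen in the OTL fix
  (HKCU\...\MountPoints2\<volume>\Shell\<verb>\command).
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without -Remove the script only reports
)

$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

if (-not (Test-Path -Path $mountPoints)) {
    Write-Host 'No MountPoints2 key for this user; nothing to audit.'
    return
}

$findings = foreach ($volume in Get-ChildItem -Path $mountPoints) {
    # Subkeys are either volume GUIDs ({17d609ee-...}) or bare drive letters (F, I).
    $shellKey = Join-Path -Path $volume.PSPath -ChildPath 'Shell'
    if (-not (Test-Path -Path $shellKey)) { continue }

    # The (default) value of ...\Shell names the verb Explorer runs on double-click.
    $defaultVerb = (Get-ItemProperty -Path $shellKey -ErrorAction SilentlyContinue).'(default)'

    foreach ($verb in Get-ChildItem -Path $shellKey) {
        $cmdKey = Join-Path -Path $verb.PSPath -ChildPath 'command'
        if (-not (Test-Path -Path $cmdKey)) { continue }

        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

        # Pull the executable out of lines like  H:\Setup.exe /Auto  for an existence check.
        $exe = $cmd -replace '^\s*"?([^"]+?\.exe)"?.*$', '$1'

        [pscustomobject]@{
            Volume       = $volume.PSChildName
            Verb         = $verb.PSChildName
            IsDefault    = ($defaultVerb -eq $verb.PSChildName)
            Command      = $cmd
            TargetOnline = [bool](Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
            KeyPath      = $volume.PSPath
        }
    }
}

if (-not $findings) {
    Write-Host 'No verb commands recorded under MountPoints2.'
    return
}

$findings | Format-Table Volume, Verb, IsDefault, TargetOnline, Command -AutoSize

if ($Remove) {
    # Deleting the whole volume key is what the O33 fix does; Explorer rebuilds a
    # clean one the next time that volume is mounted.
    foreach ($key in ($findings | Select-Object -ExpandProperty KeyPath -Unique)) {
        if ($PSCmdlet.ShouldProcess($key, 'Remove MountPoints2 volume key')) {
            Remove-Item -Path $key -Recurse -Force
        }
    }
}
```

Saved as, say, Audit-MountPoints2.ps1, running it with no arguments only reports; `.\Audit-MountPoints2.ps1 -Remove -WhatIf` previews the deletions and `-Remove` alone performs them. TargetOnline is False whenever the volume is not attached, which is exactly why the OTL log reports "File H:\Setup.exe /Auto not found": the key pointed at media that was not plugged in, so the cached command could not be inspected, let alone run.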

#7
combatshadow (Topic Starter, Member, 10 posts)
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17d609ee-57b9-11e2-8787-1c659d5b5d02}\ not found.
File H:\Setup.exe /Auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37c46f5a-f6c9-11df-a6bc-f04da292294c}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a633a2f-f18c-11df-95f6-1c659d5b5d02}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a633a35-f18c-11df-95f6-1c659d5b5d02}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{952dea18-3ec0-11e0-bbf8-1c659d5b5d02}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcc6b112-04ed-11e0-b9f7-f04da292294c}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\setup.exe not found.
C:\Users\Kailash Gupta\AppData\Roaming\ZTEMTUI folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 03072013_122722

#8
combatshadow (Topic Starter, Member, 10 posts)
I have scanned the laptop using Kaspersky as told, but not a single threat has been detected. The laptop continues to be very buggy. In the meantime, a friend of mine has uninstalled a few of the important applications which were broken and reinstalled them. Other than that, everything else remains the same.

#9
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. We will try everything we can. Just stick with me.

Download and run Puran Disc Defragmenter

If it asks you to install any type of toolbars or add-ons, just press Skip offer.

Click on the Boot Time Defrag button and choose Restart-Defrag-Restart + Disk Check

Let me know how your system is now.

#10
combatshadow (Topic Starter, Member, 10 posts)
The laptop does feel snappy now, but there are occasional lags, as in icons take a while to load while refreshing, programs take a few seconds more than usual, etc. Please suggest if anything can be done about this.

As I mentioned earlier, there are many programs & games which either had broken links, were corrupt, or partially uninstalled themselves. I have manually removed some of those myself, but there are many that I can't, as either the uninstaller is missing or it is corrupt. Is there a program that can scan the C drive to detect corrupt/missing program files and remove the same?

Btw, I did a virus scan using AVG earlier and the following Trojan horses were detected on the D drive.
Trojan horse Exploit_c.VOX
Trojan horse Exploit_c.VOH
Trojan horse Exploit_c.VQC
Trojan horse Exploit_c.VOS
Trojan horse Exploit_c.VOZ
Trojan horse Exploit_c.VPK
Trojan horse Exploit_c.VQD
Trojan horse Exploit_c.VNZ
Trojan horse Exploit_c.VOR
Trojan horse Exploit_c.VPI
Trojan horse Exploit_c.VOM
Trojan horse Exploit_c.VPG
Trojan horse Exploit_c.VOL
Trojan horse Exploit_c.VPP
Trojan horse Exploit_c.VPL

#11
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi combatshadow,

Step 1

OK. Can you run Kaspersky Virus Removal Tool again, but this time select all your hard drives to scan? Post results as you did before.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the ComboFix log in your next reply

Step 3

Please don't forget to include these items in your reply:

  • VRT log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
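The ComboFix log posted next in this thread reports, under Reg Loading Points, EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 (UAC fully off, every process of the admin user already elevated), AntiVirusOverride=1 and FirewallOverride=1 (Action Center no longer warns when antivirus or the firewall is off), and LoadAppInit_DLLs=1 (any DLL named in AppInit_DLLs is loaded into every GUI process of that bitness). Whether a user or a piece of malware set them, those are the values a practitioner reads first in such a log. The PowerShell script below is an added example, not part of the thread, of ComboFix or of Kaspersky's tool: it reads the same values from the live registry, compares them with the Windows 7 defaults (the default table is this example's assumption), prints the AppInit_DLLs strings so you can see what would be injected, and with -Fix writes the defaults back (-WhatIf is honoured). Run it from an elevated prompt.

```powershell
<#
  Added example, not from the original thread or from ComboFix: compare the UAC,
  Security Center and AppInit policy values that a ComboFix "Reg Loading Points"
  section reports with stock Windows 7 defaults, and optionally restore them.
  Run elevated. Without -Fix the script only reports.
  Assumption: the Expected values below are the Windows 7 defaults
  (ConsentPromptBehaviorAdmin 5 = prompt for consent for non-Windows binaries).
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Fix)

$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$secCtr   = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$win64    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$win32    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

$expected = @(
    @{ Path = $policy; Name = 'EnableLUA';                  Value = 1; Why = 'UAC disabled; admin processes run fully elevated' },
    @{ Path = $policy; Name = 'ConsentPromptBehaviorAdmin'; Value = 5; Why = 'admins elevate silently with no prompt' },
    @{ Path = $policy; Name = 'PromptOnSecureDesktop';      Value = 1; Why = 'elevation prompts shown on the normal desktop, so other software can drive them' },
    @{ Path = $secCtr; Name = 'AntiVirusOverride';          Value = 0; Why = 'Action Center silenced about missing/disabled antivirus' },
    @{ Path = $secCtr; Name = 'FirewallOverride';           Value = 0; Why = 'Action Center silenced about a disabled firewall' },
    @{ Path = $win64;  Name = 'LoadAppInit_DLLs';           Value = 0; Why = 'AppInit_DLLs injected into every 64-bit GUI process' },
    @{ Path = $win32;  Name = 'LoadAppInit_DLLs';           Value = 0; Why = 'AppInit_DLLs injected into every 32-bit GUI process' }
)

$report = foreach ($e in $expected) {
    $current = $null
    if (Test-Path -Path $e.Path) {
        $current = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    }
    # A missing value is treated as "Windows built-in default" (assumption for this example).
    $ok  = ($null -eq $current) -or ($current -eq $e.Value)
    $why = if ($ok) { '' } else { $e.Why }
    [pscustomobject]@{
        Path     = $e.Path
        Name     = $e.Name
        Current  = $current
        Expected = $e.Value
        OK       = $ok
        Risk     = $why
    }
}

$report | Format-Table Name, Current, Expected, OK, Risk -AutoSize -Wrap

# LoadAppInit_DLLs=1 only matters if AppInit_DLLs actually names a DLL; show both views.
foreach ($p in $win64, $win32) {
    $dlls = (Get-ItemProperty -Path $p -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue).AppInit_DLLs
    "{0}\AppInit_DLLs = '{1}'" -f $p, $dlls
}

if ($Fix) {
    foreach ($r in ($report | Where-Object { -not $_.OK })) {
        if ($PSCmdlet.ShouldProcess("$($r.Path)\$($r.Name)", "set to $($r.Expected)")) {
            Set-ItemProperty -Path $r.Path -Name $r.Name -Value $r.Expected -Type DWord
        }
    }
    Write-Host 'EnableLUA and the prompt settings take effect after a reboot.'
}
```

Restoring the values is the easy part; the reason they were changed is the real question. A machine whose owner never touched UAC, yet shows EnableLUA=0 and both Security Center overrides set, should be treated as one where something ran with full rights, which is the same assumption the helper is working under when he moves from OTL to ComboFix.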

#12
combatshadow (Topic Starter, Member, 10 posts)
ComboFix 13-03-11.01 - Kailash Gupta 03/12/2013 0:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1261 [GMT 5.5:30]
Running from: c:\users\Kailash Gupta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kailash Gupta\2pq.mp3
c:\users\Kailash Gupta\AppData\Local\TempDIR
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))
.
.
2013-03-11 19:00 . 2013-03-11 19:00 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DC48C4D-4B25-496F-AE19-7DA57CE3FC3F}\offreg.dll
2013-03-11 18:59 . 2013-03-11 18:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-03-11 13:15 . 2013-03-11 13:15 -------- d-----w- c:\windows\LastGood.Tmp
2013-03-07 16:06 . 2013-03-07 11:05 460888 ----a-w- c:\windows\system32\drivers\61881615.sys
2013-03-07 14:48 . 2013-03-07 14:48 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-07 14:17 . 2013-02-18 22:27 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DC48C4D-4B25-496F-AE19-7DA57CE3FC3F}\mpengine.dll
2013-03-07 06:55 . 2013-03-07 06:55 -------- d-----w- C:\_OTL
2013-03-06 13:28 . 2013-03-06 13:28 -------- d-----w- c:\program files\MBlaze UI
2013-03-06 13:03 . 2013-03-06 13:05 -------- d-----w- c:\users\Kailash Gupta\AppData\Roaming\Registry Mechanic
2013-03-06 12:15 . 2013-03-06 12:15 -------- d-----w- c:\program files (x86)\Flickr Uploadr
2013-03-06 12:05 . 2013-03-06 12:05 -------- d-----w- c:\program files (x86)\PowerISO
2013-03-06 12:05 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-03-06 11:36 . 2013-03-06 11:36 -------- d-----w- c:\program files (x86)\MP3Cutter
2013-03-06 11:35 . 2013-03-06 11:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-06 11:35 . 2013-03-06 11:36 -------- d-----w- c:\program files\iTunes
2013-03-06 11:35 . 2013-03-06 11:36 -------- d-----w- c:\program files (x86)\iTunes
2013-03-06 11:35 . 2013-03-06 11:35 -------- d-----w- c:\program files\iPod
2013-03-06 11:34 . 2013-03-06 11:34 -------- d-----w- c:\program files\Common Files\Apple
2013-03-06 11:34 . 2013-03-06 11:34 -------- d-----w- c:\program files\Bonjour
2013-03-06 11:34 . 2013-03-06 11:34 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-06 11:34 . 2013-03-06 11:35 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-03-06 07:54 . 2010-04-29 10:09 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-05 04:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-02 02:55 . 2013-03-05 03:53 -------- d-----w- c:\programdata\AVG2013
2013-03-02 02:55 . 2013-03-02 02:55 -------- d-----w- C:\$AVG
2013-03-02 02:54 . 2013-03-03 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
2013-03-01 04:40 . 2013-03-01 04:41 4126720 ----a-w- c:\program files (x86)\GUT6623.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 19:05 . 2012-05-05 05:30 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-08 19:05 . 2011-06-24 11:48 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-11-08 17:29 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-17 18:25 222712 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-17 18:25 222712 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-17 18:25 222712 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-17 255992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\SysWOW64\V0540Ext.ax"="c:\windows\SysWOW64\V0540Ext.ax" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 MpKsl15cf4686;MpKsl15cf4686;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DC48C4D-4B25-496F-AE19-7DA57CE3FC3F}\MpKsl15cf4686.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 V0540Dev;Creative Camera VF0540 Driver;c:\windows\system32\DRIVERS\V0540Vid.sys [2009-06-15 321376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2012-04-05 120704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 61881615;61881615;c:\windows\system32\DRIVERS\61881615.sys [2013-03-07 460888]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-11-15 42248]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2012-11-26 58360]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [2012-04-28 405504]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys [2012-08-29 28008]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-17 56344]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2011-02-11 35344]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 04:19 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 19:05]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 13:26]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 13:26]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3583396835-2195746600-3154891699-1000Core.job
- c:\users\Kailash Gupta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 15:03]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3583396835-2195746600-3154891699-1000UA.job
- c:\users\Kailash Gupta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-17 18:25 261624 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-17 18:25 261624 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-17 18:25 261624 ----a-w- c:\users\Kailash Gupta\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kailash Gupta\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0540Ext.ax"="c:\windows\system32\V0540Ext.ax" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-17 1890088]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2013-01-06 4762000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/kastorsoft/{FADF913B-9A7A-4647-A9BE-671C91E0D56C}
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{404FA70E-26D1-44EE-B726-3509D3E78029}: NameServer = 8.8.8.8
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}: NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\149627C696E6B6: NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\4616D6C656: NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E63656C6C657C61627: NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6: NameServer = 59.185.0.23,59.185.0.50
TCP: Interfaces\{6D787035-4073-4330-9666-C26CAEE7E02A}\76564797F65727F677E677966696F53656C6C6572716C6: NameServer = 59.185.0.23,59.185.0.50
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{ade92211-31dc-4775-85c0-75659b099dd3} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-Reasonable NoClone - c:\program files (x86)\Reasonable\Reasonable NoClone 2011 Free\NoClone.exe
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bc,e7,0c,23,ba,66,cd,01
.
[HKEY_USERS\S-1-5-21-3583396835-2195746600-3154891699-1000\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-03-12 00:37:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-11 19:07
.
Pre-Run: 261,055,492,096 bytes free
Post-Run: 260,649,848,832 bytes free
.
- - End Of File - - 289CAD91B0FDB9C3BCF5CA115BC7D9FB
  • 0

#13 combatshadow (Member, Topic Starter, 10 posts)
Scanned with Kaspersky and yet nothing was found. Btw I googled "Trojan horse Exploit_c.VOX" and this is what I found on AVG:

What is Exploit_c?

Exploit_c is a malicious application that gives hackers remote access to the infected computer and allows them to perform operations like modification of files, theft of personal information, and installation of other malicious software. Exploit_c invades a PC with the help of infected email attachments, links and websites, among others.

Precisely what has happened with me. After scanning with AVG earlier, these were removed but wondering if the affected files can be checked for and deleted accordingly?
  • 0

#14 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi combatshadow,

You are right about "Trojan horse Exploit_c.VOX". It has probably done its damage to your system before we removed it. I don't see any trace of this malware in your logs and I don't see any activity now. We won't be able to restore programs that have been removed, but our main concern is to remove malware from your system. Then you can reinstall your programs in a clean and safe system.

How is your system now after running Combofix? Any problems?
  • 0

#15 combatshadow (Member, Topic Starter, 10 posts)
I'm now getting two error messages immediately after the laptop is done booting. I've attached the screenshot. Also, Dell's inbuilt system tray icons for brightness, volume and wifi don't show up while changing the same.

Well, suddenly the laptop is back to being very slow and buggy, with perhaps unusually high memory usage (2.14GB to be precise with only Chrome opened). I've also noticed Chrome is excruciatingly slow at times, with frequent pop-up ads on sites which were otherwise pop-up free. I was told by someone that maybe the backups I had on my external HDD were infected and are the actual source of the malicious programs without MSE detecting it. Do you suggest I use some other anti-virus like AVG or Avast to rescan the laptop and external HDD? I've tried scanning the external HDD using Kaspersky but it crashes midway.

Attached Thumbnails: a.jpg

  • 0