I have atomic ads and, try as I may, I cannot get rid of it.
Please help.
Sorry to hear that you're having trouble. Run the following scan and I'll have a look at the resulting scans and see what's going on.
Scan with OTL
Please download OTL by OldTimer and save the file to your desktop.
BASESERVICES /md5start rpcss.dll /md5stop
Please include the content of both logfiles in your next reply.
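An added example, not from this thread and not part of OTL: a small Python triage helper for the line formats OTL writes (the PRC/MOD/SRV/DRV file entries and the IE "Internet Settings" registry entries seen in the log posted below). It flags a system-wide proxy pointed at the loopback interface, entries that carry no company name, and processes or services running from a user profile; the sample lines are constructed from a few entries of the posted log, and the output is a review list for the analyst, not a verdict.

```python
"""Triage helper for OTL (OldTimer) scan logs.

Added example: parses OTL's file-entry lines (PRC/MOD/SRV/DRV) and the
IE Internet Settings registry lines, then applies analyst heuristics.
Findings are prompts for review, not malware verdicts.
"""
import re
from dataclasses import dataclass

# PRC/MOD/SRV/DRV entries: "[date | size | attr | flag] (company) [state] -- path -- (name)"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|\]]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\)(?= \[| -- )"   # company may be empty or contain parentheses
    r"(?: \[(?P<state>[^\]]*)\])?"        # "[Auto | Running]" for services/drivers only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"      # service/driver short name, absent for PRC/MOD
)
# IE registry entries: 'IE - <key>: "<value>" = <data>'
REG_RE = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?): "(?P<value>[^"]+)" = (?P<data>.*)$')
# A proxy server string that targets the local machine (loopback v4, v6 or "localhost")
LOOPBACK = re.compile(r"(^|=)(127\.0\.0\.1|localhost|\[?::1\]?):\d+", re.I)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Entry:
    kind: str
    company: str
    path: str
    name: str = ""
    state: str = ""


@dataclass
class Proxy:
    hive: str
    enabled: bool = False
    server: str = ""


def parse(lines):
    """Return (file entries, {hive: Proxy}) extracted from OTL log lines."""
    entries, proxies = [], {}
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["company"].strip(), m["path"],
                                 m["name"] or "", m["state"] or ""))
            continue
        m = REG_RE.match(line)
        if m and "Internet Settings" in m["key"]:
            # Hive prefix is everything before "\Software\" (HKLM, HKU\<SID>, ...)
            hive = re.split(r"\\software\\", m["key"], maxsplit=1, flags=re.I)[0]
            proxy = proxies.setdefault(hive, Proxy(hive))
            if m["value"] == "ProxyEnable":
                proxy.enabled = m["data"].strip() == "1"
            elif m["value"] == "ProxyServer":
                proxy.server = m["data"].strip()
    return entries, proxies


def triage(lines):
    """Return (severity, message) review prompts, highest severity first."""
    entries, proxies = parse(lines)
    findings = []
    for p in proxies.values():
        if p.enabled and LOOPBACK.search(p.server):
            findings.append(("high", f"{p.hive}: proxy enabled and pointed at loopback "
                                     f"({p.server}); identify the local listener on that "
                                     "port before trusting browser traffic"))
        elif p.enabled and p.server:
            findings.append(("medium", f"{p.hive}: proxy enabled ({p.server}); confirm it is expected"))
    for e in entries:
        if not e.company:
            findings.append(("medium", f"{e.kind} {e.path}: no company name, verify publisher and hash"))
        if e.kind in ("PRC", "SRV") and "\\appdata\\" in e.path.lower():
            findings.append(("low", f"{e.kind} {e.path}: running from a user profile, "
                                    "confirm it was installed deliberately"))
    findings.sort(key=lambda f: SEVERITY_RANK[f[0]])
    return findings


# Constructed sample: a handful of lines mirroring the posted log.
SAMPLE_LOG = r"""
PRC - [2014/08/13 20:47:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
PRC - [2014/08/03 15:41:45 | 003,428,672 | ---- | M] (LogMeIn, Inc.) -- C:\Users\MrZ\AppData\Local\LogMeIn Client\LogMeIn Client.exe
PRC - [2014/01/26 16:31:49 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
SRV:64bit: - [2014/07/17 19:21:28 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
DRV:64bit: - [2013/11/26 13:26:34 | 000,025,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
""".strip().splitlines()

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

The loopback check is the one to act on first: a machine-wide proxy at 127.0.0.1 means some local process sits between every browser and the network, and `netstat -ano` (or an equivalent) will show which process owns that port.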
OTL logfile created on: 8/13/2014 8:49:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrZ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.50 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 59.58% Memory free
15.00 Gb Paging File | 11.56 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.22 Gb Total Space | 60.11 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 870.81 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 29.86 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive F: | 27.84 Gb Total Space | 27.30 Gb Free Space | 98.05% Space Free | Partition Type: FAT32
Drive J: | 100.97 Mb Total Space | 70.54 Mb Free Space | 69.86% Space Free | Partition Type: NTFS
Drive P: | 1862.92 Gb Total Space | 569.71 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Gb Total Space | 60.11 Gb Free Space | 60.11% Space Free | Partition Type: MFilesFS
Computer Name: WIN7SSD | User Name: MrZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2014/08/13 20:47:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
PRC - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/08/03 15:41:45 | 003,428,672 | ---- | M] (LogMeIn, Inc.) -- C:\Users\MrZ\AppData\Local\LogMeIn Client\LogMeIn Client.exe
PRC - [2014/08/03 15:41:45 | 000,375,128 | ---- | M] (LogMeIn, Inc.) -- C:\Users\MrZ\AppData\Local\LogMeIn Client\LMIGuardian.exe
PRC - [2014/08/02 12:32:19 | 000,251,040 | ---- | M] (Microsoft Corporation) -- C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/28 04:28:37 | 000,067,904 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
PRC - [2014/03/28 04:27:56 | 005,454,640 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2014/01/26 16:31:49 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/14 04:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/14 04:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/02/16 22:50:26 | 002,529,120 | ---- | M] (M-Files Corporation) -- C:\Program Files\M-Files\9.0.3372.41\Bin\x86\MFServerAux.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/22 00:11:26 | 003,961,464 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014/08/03 15:41:45 | 004,565,336 | ---- | M] () -- C:\Users\MrZ\AppData\Local\LogMeIn Client\RACtrl.dll
MOD - [2014/08/03 15:41:45 | 000,009,584 | ---- | M] () -- C:\Users\MrZ\AppData\Local\LogMeIn Client\ractrlkeyhook.dll
MOD - [2014/06/10 13:19:06 | 008,892,072 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/02/26 22:25:50 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 22:25:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 22:25:44 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 22:25:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 22:25:39 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014/02/26 22:25:38 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 06:19:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 06:18:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 06:18:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 06:18:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 06:18:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/23 15:55:44 | 001,030,312 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
MOD - [2013/11/14 04:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 04:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 04:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 04:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 04:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2011/12/21 23:59:12 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/12/21 23:56:16 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/17 19:21:28 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/06/18 17:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/16 22:50:48 | 007,759,712 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe -- (MFClient 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:44 | 003,459,424 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe -- (MFDataExport 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:40 | 002,759,008 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe -- (MFIndexingManager 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:38 | 031,902,560 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe -- (MFServer 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:26 | 002,529,120 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe -- (MFServerAux 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:08 | 002,914,656 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe -- (MFSetup 9.0.3372.41)
SRV:64bit: - [2013/01/12 12:26:30 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/21 10:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/07/19 09:09:28 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/07/19 09:09:25 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/28 04:27:56 | 005,454,640 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2014/01/26 16:31:49 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 12:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/13 20:48:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/19 09:09:26 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/05/16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/11/26 13:26:34 | 000,025,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM)
DRV:64bit: - [2013/11/26 13:26:32 | 000,700,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_im.sys -- (Uim_IM)
DRV:64bit: - [2013/11/26 13:26:32 | 000,102,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\UimBus.sys -- (UimBus)
DRV:64bit: - [2013/11/26 13:26:30 | 000,034,056 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/05 20:28:18 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2013/02/16 22:11:42 | 000,105,280 | ---- | M] (M-Files Corporation) [File_System | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFFSD.sys -- (MFFSDCE226221-400E-4813-A98D-44DD7E269D32)
DRV:64bit: - [2013/02/16 22:10:58 | 000,022,336 | ---- | M] (M-Files Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFVDD.sys -- (MFVDD97C82C14-5040-40A9-AFC1-442DBE92CBE8)
DRV:64bit: - [2012/12/18 15:05:06 | 000,105,112 | ---- | M] (Miray) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvd.sys -- (MirayVirtualDisk)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/09/24 18:12:02 | 000,015,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2012/09/24 18:12:02 | 000,015,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2012/08/23 07:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/12/21 10:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/12/21 10:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2013/05/31 05:02:09 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 0D 5F 79 01 8D CF 01 [binary data]
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@playon.tv/PlayOnToolbar: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\MrZ\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\MrZ\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3c9761ad-a43d-4447-b924-f5d83cb48063}: C:\Program Files (x86)\Zend\Zend Studio 9.0.1\toolbars\firefox [2012/10/14 11:36:42 | 000,000,000 | ---D | M]
[2013/12/01 11:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/25 17:50:01 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/08/02 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/19 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/09/27 09:59:30 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/10/17 12:23:22 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.10_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.11_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.8_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.4.2_0\
CHR - Extension: Google Search = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iCloud Bookmarks = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\30.0.1599.86_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.63_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.99_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.125_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.126_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.126_0\~
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_0\
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_1\
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_2\
CHR - Extension: ActiveX for Chrome = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgllffgicojgllpmdbemgglaponefajn\1.5.0.7_0\
CHR - Extension: CSS3Clock = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoeghbchhecmmnlkgpoljfpdggoffbi\1.1.5_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1078_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1080_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1082_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: AccessNow by Ericom (RDP client) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\npaobnlmoaflieppdiljaekgeemaplhe\2.1.0.1_0\
CHR - Extension: GreatArcadeHits = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\
CHR - Extension: Gmail = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_0\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_1\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_2\
O1 HOSTS File: ([2014/05/31 12:49:11 | 000,000,045 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.235.90.58 pmicfehfblhebdfbhfgmmfcaikafckac
O2:64bit: - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.
O2:64bit: - BHO: (no name) - {56bc31de-97ab-4563-8599-ad5d4e9800f9} - No CLSID value found.
O2:64bit: - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files (x86)\Zend\Zend Studio 9.0.1\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O3 - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [M-Files Status 9.0.3372.41] C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe (M-Files Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\.DEFAULT..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-18..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [SkyDrive] C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9:64bit: - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9 - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O9 - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logme...scueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://control.itsu...nts/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://docstar.webe...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1058 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A47527-624A-430E-829B-1177324A0A7A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/16 15:33:00 | 000,000,032 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/08/13 20:47:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
[2014/08/12 19:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/12 19:33:14 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/12 19:33:06 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/12 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/12 19:33:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/12 19:33:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/10 18:17:25 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Roaming\30765
[2014/08/09 18:53:39 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Roaming\TeamViewer
[2014/08/09 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/08/02 16:01:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/02 16:00:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\MrZ\Desktop\JRT.exe
[2014/08/02 15:54:16 | 001,942,776 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\MrZ\Desktop\rkill.exe
[2014/07/21 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Local\Adobe
[2014/07/20 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
========== Files - Modified Within 30 Days ==========
[2014/08/13 20:50:58 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/08/13 20:48:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/13 20:48:22 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 20:48:22 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 20:47:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
[2014/08/13 20:46:48 | 000,823,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/13 20:46:48 | 000,695,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/13 20:46:48 | 000,131,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/13 20:41:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/13 20:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/13 20:41:01 | 1744,183,295 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/13 05:11:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/12 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\At1.job
[2014/08/12 19:33:02 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/12 19:33:01 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/12 19:33:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/12 19:33:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/12 19:26:32 | 005,074,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/10 12:26:00 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - MrZ).job
[2014/08/09 18:53:37 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/02 18:11:03 | 000,838,450 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/02 16:00:40 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\MrZ\Desktop\JRT.exe
[2014/08/02 15:58:22 | 001,361,309 | ---- | M] () -- C:\Users\MrZ\Desktop\adwcleaner_3.302.exe
[2014/08/02 15:54:24 | 001,942,776 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\MrZ\Desktop\rkill.exe
[2014/07/19 09:09:26 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2014/07/19 09:09:26 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2014/07/19 09:09:26 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
========== Files Created - No Company Name ==========
[2014/08/09 18:53:37 | 000,001,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/08/09 18:53:37 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/02 15:58:18 | 001,361,309 | ---- | C] () -- C:\Users\MrZ\Desktop\adwcleaner_3.302.exe
[2014/05/03 08:14:56 | 000,000,856 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/19 16:28:28 | 000,004,608 | ---- | C] () -- C:\Users\MrZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/17 23:20:21 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2014/01/17 23:19:49 | 000,000,074 | ---- | C] () -- C:\Windows\Crypkey.ini
[2014/01/17 23:19:47 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2014/01/17 23:19:47 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2014/01/17 23:19:47 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/12/06 20:47:03 | 000,000,282 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/10/10 14:35:10 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2012/11/19 22:37:12 | 000,000,600 | ---- | C] () -- C:\Users\MrZ\PUTTY.RND
[2012/10/14 11:41:43 | 000,000,005 | -H-- | C] () -- C:\Users\MrZ\.zs
[2012/09/27 20:14:29 | 000,012,354 | ---- | C] () -- C:\Users\MrZ\barcodei4.php
[2012/09/27 20:06:51 | 000,012,354 | ---- | C] () -- C:\Users\MrZ\barcodei3.php
[2012/09/23 21:08:37 | 000,007,618 | ---- | C] () -- C:\Users\MrZ\AppData\Local\Resmon.ResmonCfg
[2012/09/16 12:49:56 | 000,002,558 | ---- | C] () -- C:\Users\MrZ\index2.php
[2012/09/15 16:39:15 | 000,002,493 | ---- | C] () -- C:\Users\MrZ\iisstart.php
[2012/08/30 20:26:35 | 000,000,100 | ---- | C] () -- C:\Windows\1FB169BC-703B-4282-BD96-2CCF743D3814.ini
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\eclipse
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ISIS Drivers
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\eclipse
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ISIS Drivers
[2014/08/10 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\30765
[2013/11/25 20:18:33 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\5779
[2012/09/23 20:58:07 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Canneverbe Limited
[2013/11/30 11:41:11 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Dropbox
[2014/02/14 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\DVDFab9
[2014/06/06 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\eclipse
[2014/02/09 00:56:35 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Eye-Fi
[2012/09/10 18:52:26 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Imagenomic
[2014/01/11 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\ISIS Drivers
[2012/09/03 21:16:26 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\JAM Software
[2013/11/03 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Netscape
[2012/09/09 20:45:12 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Notepad++
[2013/06/19 20:18:16 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Oracle
[2013/11/03 17:49:52 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Photodex
[2013/11/28 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\redsn0w
[2013/07/31 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Serif
[2014/08/10 11:05:07 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TeamViewer
[2014/01/19 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TechSmith
[2012/11/19 21:34:57 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TightVNC
[2014/02/09 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Titanium
[2014/03/26 08:44:39 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\uTorrent
[2012/08/24 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\White Peak Software
[2014/06/19 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\XBMC
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< • >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,546 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/10 18:58:43 | 000,000,368 | ---- | C] () -- C:\Windows\Tasks\At1.job
[2012/10/05 19:10:33 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 19:10:33 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/03/09 13:26:19 | 000,000,426 | ---- | C] () -- C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - MrZ).job
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A9967A61
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F4C624DE
< End of report >
OTL Extras logfile created on: 8/13/2014 8:49:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrZ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.50 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 59.58% Memory free
15.00 Gb Paging File | 11.56 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.22 Gb Total Space | 60.11 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 870.81 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 29.86 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive F: | 27.84 Gb Total Space | 27.30 Gb Free Space | 98.05% Space Free | Partition Type: FAT32
Drive J: | 100.97 Mb Total Space | 70.54 Mb Free Space | 69.86% Space Free | Partition Type: NTFS
Drive P: | 1862.92 Gb Total Space | 569.71 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Gb Total Space | 60.11 Gb Free Space | 60.11% Space Free | Partition Type: MFilesFS
Computer Name: WIN7SSD | User Name: MrZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Value error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Value error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222F7A3-5683-4EB4-B21C-166CF5585407}" = rport=138 | protocol=17 | dir=out | app=system |
"{03EC3CE2-51B9-45B2-A4DF-A62EDBD28138}" = lport=9083 | protocol=6 | dir=in | name=remote potato - 9083 inbound |
"{084F0E30-BA53-4052-BC60-BFDA68B7E565}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E0E94BB-AF0E-43E0-AFF2-8668B7D21584}" = lport=9082 | protocol=6 | dir=in | name=remote potato - 9082 inbound |
"{2BCBDCBE-F242-4044-84BA-126456AFD7D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B1E7657-5255-42E7-A3D9-DDCF5961E6E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{44A650D4-7675-4B83-97E7-904DC20DD487}" = lport=137 | protocol=17 | dir=in | app=system |
"{48A52161-0F56-4178-AD0F-E94CC22B4590}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{544CC461-6F63-438F-ABA3-1B56E0C7A8E8}" = lport=9081 | protocol=6 | dir=in | name=remote potato - 9081 inbound |
"{54FF6518-DD58-441A-AA9D-4D4DA9D72D43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{56B980F9-942A-4402-A16D-334698AD070D}" = lport=9080 | protocol=6 | dir=in | name=remote potato - 9080 inbound |
"{58C539EC-D457-4E2B-8CC8-C9A530119105}" = lport=138 | protocol=17 | dir=in | app=system |
"{59017C71-38C2-4D85-94A6-CE466C63B339}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{5F30FF4F-092C-4E01-AF52-E460941E7A80}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
"{67FEA594-42F0-4C21-AAD6-FB133B8B1BB5}" = rport=137 | protocol=17 | dir=out | app=system |
"{720DD41E-BAE6-45C5-8ABC-3DCD398453A0}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{7248419C-A5CD-4B9F-9354-8BBAE881CDCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E00A694-2FCD-4D4C-95AD-9E2D2D975491}" = lport=9083 | protocol=6 | dir=out | name=remote potato - 9083 outbound |
"{8868E248-1703-4FFC-939C-E4A4FD7F7105}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{AEBF9973-7B65-4148-BC77-6C64B97CDACB}" = lport=445 | protocol=6 | dir=in | app=system |
"{CFF35435-A652-4720-8BDB-C1B8C867CB2E}" = lport=9081 | protocol=6 | dir=out | name=remote potato - 9081 outbound |
"{DE0C3468-6D77-414E-B377-A57A7F2ACF5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1601385-1421-47F0-87E0-F327B86AE778}" = lport=9082 | protocol=6 | dir=out | name=remote potato - 9082 outbound |
"{EC6D74EA-2C80-4529-95D7-F4138D187C2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEA56AE0-17F9-47F3-828F-4D68468687D3}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13FFD98D-2D58-4626-97A0-593FD6F07F38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{244327EF-6AD9-4E98-8611-1234D0B786EB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{28B056F5-0222-4B16-9301-B37FB9B6F675}" = protocol=58 | dir=out | [email protected],-28546 |
"{28B598B6-CCDF-4937-841F-4E50324102D2}" = dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"{29736CF3-A273-4B62-9AE8-E0A39BAA8C04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{37C95DE0-9E08-41F9-9AE7-4C094800DAC7}" = dir=in | app=c:\users\mrz\appdata\local\microsoft\skydrive\skydrive.exe |
"{3C15D36E-ED4E-4091-9034-316041AD53E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{3D47C613-3B88-49EC-BFB1-87650F43EC79}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{48403891-0DC7-40FA-82AD-99CE2AD7AC3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{491C4BD4-BAB2-4A9E-90B4-72D991AECB1B}" = dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5A529716-1317-41E8-90E6-B5CC7B38870C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{643145AA-538D-4564-B34B-ECEC6E001BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{75DC6360-108D-464F-AA29-766E55426748}" = protocol=1 | dir=out | [email protected],-28544 |
"{768E87CA-3A87-4293-9077-A13798ECE7BC}" = protocol=17 | dir=in | app=c:\users\mrz\appdata\roaming\utorrent\utorrent.exe |
"{7B6B2FF4-6723-4C96-97F8-89BD28815386}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F9096F7-EB12-45BA-A3B5-5FBB8CDCDE9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80B2A321-845F-4D33-8EB3-D6C1E3C54857}" = protocol=1 | dir=in | [email protected],-28543 |
"{81B84C98-7713-472D-ACF2-F5DD5509442C}" = dir=in | app=c:\program files (x86)\mediamall\playmark.exe |
"{859B7060-38C1-4578-ACF0-6FF79952FDA4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{86BD1267-9188-42CE-9ABF-61291307630D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{8EC675EE-431A-4C90-937B-3CDDE55EACB8}" = protocol=58 | dir=out | [email protected],-503 |
"{8F0C681A-B825-4002-8F90-46F5E8B1F3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{911A3E7E-53F0-4B3B-BE7C-8FE401C2E47B}" = protocol=58 | dir=in | app=system |
"{9D910501-3CFD-48B9-9E58-C2CCD36865B2}" = protocol=58 | dir=in | [email protected],-28545 |
"{A12A3C39-19E1-40B2-A789-709B90E04796}" = protocol=6 | dir=in | app=c:\users\mrz\appdata\roaming\utorrent\utorrent.exe |
"{AA7DAFB0-EFFF-4ACC-B84B-D4F0D7C25D85}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D52174E6-6911-4DE4-9926-00A2D09A7C68}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{E766AB89-6632-4995-B225-15DFDED8C901}" = dir=in | app=c:\program files (x86)\mediamall\playlater.exe |
"{EEB94B36-F51C-4CA5-AE7E-6A8ADA812C30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{F372DDEC-993C-4988-B9CB-F18C1C823BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"TCP Query User{8A4E8C65-54AA-48CF-A296-3593EDC7A574}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BEEC2C70-E5F6-4197-A3BA-C541BD661B34}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1" = PDF-XChange 2012
"{54E6C675-3AD4-42E4-957F-31666ABF1603}" = Adobe Photoshop Lightroom 5.2 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{619A89DE-5F01-11E2-85E8-000C2982512D}" = Paragon Hard Disk Manager™ 14 Premium Edition
"{6C4958DF-4B1A-4290-947B-5F6AFDC74398}" = AirParrot
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-00D1-0409-1000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{97E3E5AA-72FA-45D3-98FF-4C5E321D8555}" = M-Files 9.0.3372.41
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}" = Oracle VM VirtualBox 4.3.12
"{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}" = Adobe Photoshop Lightroom 4.2 64-bit
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E851486F-1FE2-44F0-85ED-F969088A68EE}" = PHP Manager 1.2 for IIS 7
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HitmanPro37" = HitmanPro 3.7
"ImagenomicPortraitureLightroomPlugin" = Imagenomic Portraiture 2.2 Lightroom Plug-in (build 2207)
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{262425E7-A5A0-5630-8FB2-FE6E6A650872}" = Boot Media Builder for Paragon Hard Disk Manager™ 12 Server
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{489687BC-3B2A-401F-920B-0B1E97DDB287}" = Eclipse OCR Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5ABDB125-7725-40B6-A1E3-B7D8BFFAA303}" = PlayLater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}" = ImageRescue3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7764F7B0-7225-4145-82B6-2AB4540D33A6}" = Eye-Fi Center 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B6D00DA-AE9D-44B3-A91B-4695AA803B3F}" = Serif Premium Image Collection 6
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9489257A-CED5-45E7-8D16-7B20A2E48744}" = PlayOn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A73D4BEE-2BBE-4285-BF6C-4B8C7C001630}" = Zend Studio 9.0.1
"{A7727F03-5311-4A12-9A63-2ACD20BA0497}" = Camtasia Studio 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C6FEBDB4-DC98-4D10-A659-B3EB49DC2FFF}" = Eclipse ISIS Scanning Support
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v5
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}" = Citrix Online Launcher
"{F1C324A1-5562-4956-BF70-253825D53F87}" = Eclipse Imaging Support
"{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}" = LogMeIn
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"CleanUp!" = CleanUp!
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DVDFab 9.0.7.2 Final9.0.7.2" = DVDFab 9.0.7.2 Final
"Google Chrome" = Google Chrome
"HDClone.Professional.4.2.2.1033-{C5DE40C1-8962-4998-9A4C-E2B1130723F3}" = HDClone 4.2 Professional Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NirSoft ProduKey" = NirSoft ProduKey
"Notepad++" = Notepad++
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"ProShow Plugins for Lightroom" = ProShow Plugins for Lightroom
"RealFlight7Pro" = RealFlight 7 R/C Simulator
"SMTP Diagnostics_is1" = SMTP Diagnostics 1.8.0.74
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair
"TeamViewer 9" = TeamViewer 9
"TreeSize Free_is1" = TreeSize Free V2.7
"VirtualCloneDrive" = VirtualCloneDrive
"XXConsole" = XXConsole: Super Console Generator ver 0.96
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3ac04dc8eedef7" = Web Launcher
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/11/2014 3:00:02 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:28:07 PM | Computer Name = Win7ssd | Source = WinMgmt | ID = 10
Description =
Error - 8/12/2014 10:32:40 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:32:41 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:32:41 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:33:00 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 1:03:58 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 3:00:00 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 6:47:35 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 11:42:51 PM | Computer Name = Win7ssd | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 8/13/2014 8:27:11 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 8:30:48 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 8:33:51 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 8:36:06 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 8:38:41 AM | Computer Name = Win7ssd | Source = DCOM | ID = 10010
Description =
Error - 8/13/2014 11:42:39 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:46:04 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:47:56 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:52:26 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:52:59 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
< End of report >
Edited by bhzendner, 13 August 2014 - 10:01 PM.
Thought I might have done it wrong so here it is again.
OTL logfile created on: 8/13/2014 8:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrZ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.50 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 60.55% Memory free
15.00 Gb Paging File | 11.50 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.22 Gb Total Space | 60.11 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 870.81 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 29.86 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive F: | 27.84 Gb Total Space | 27.30 Gb Free Space | 98.05% Space Free | Partition Type: FAT32
Drive J: | 100.97 Mb Total Space | 70.54 Mb Free Space | 69.86% Space Free | Partition Type: NTFS
Drive P: | 1862.92 Gb Total Space | 569.71 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Gb Total Space | 60.11 Gb Free Space | 60.11% Space Free | Partition Type: MFilesFS
Computer Name: WIN7SSD | User Name: MrZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2014/08/13 20:47:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
PRC - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/08/03 15:41:45 | 003,428,672 | ---- | M] (LogMeIn, Inc.) -- C:\Users\MrZ\AppData\Local\LogMeIn Client\LogMeIn Client.exe
PRC - [2014/08/03 15:41:45 | 000,375,128 | ---- | M] (LogMeIn, Inc.) -- C:\Users\MrZ\AppData\Local\LogMeIn Client\LMIGuardian.exe
PRC - [2014/08/02 12:32:19 | 000,251,040 | ---- | M] (Microsoft Corporation) -- C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/28 04:28:37 | 000,067,904 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
PRC - [2014/03/28 04:27:56 | 005,454,640 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2014/01/26 16:31:49 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/14 04:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/14 04:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/02/16 22:50:26 | 002,529,120 | ---- | M] (M-Files Corporation) -- C:\Program Files\M-Files\9.0.3372.41\Bin\x86\MFServerAux.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/22 00:11:26 | 003,961,464 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014/08/03 15:41:45 | 004,565,336 | ---- | M] () -- C:\Users\MrZ\AppData\Local\LogMeIn Client\RACtrl.dll
MOD - [2014/08/03 15:41:45 | 000,009,584 | ---- | M] () -- C:\Users\MrZ\AppData\Local\LogMeIn Client\ractrlkeyhook.dll
MOD - [2014/06/10 13:19:06 | 008,892,072 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/02/26 22:25:50 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 22:25:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 22:25:44 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 22:25:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 22:25:39 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014/02/26 22:25:38 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 06:19:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 06:18:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 06:18:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 06:18:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 06:18:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/23 15:55:44 | 001,030,312 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
MOD - [2013/11/14 04:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 04:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 04:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 04:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 04:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2011/12/21 23:59:12 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/12/21 23:56:16 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/17 19:21:28 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/06/18 17:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/16 22:50:48 | 007,759,712 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe -- (MFClient 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:44 | 003,459,424 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe -- (MFDataExport 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:40 | 002,759,008 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe -- (MFIndexingManager 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:38 | 031,902,560 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe -- (MFServer 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:26 | 002,529,120 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe -- (MFServerAux 9.0.3372.41)
SRV:64bit: - [2013/02/16 22:50:08 | 002,914,656 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe -- (MFSetup 9.0.3372.41)
SRV:64bit: - [2013/01/12 12:26:30 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/21 10:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/07/19 09:09:28 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/07/19 09:09:25 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/28 04:27:56 | 005,454,640 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2014/01/26 16:31:49 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 12:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/13 20:48:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/19 09:09:26 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/05/16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/11/26 13:26:34 | 000,025,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_devim.sys -- (Uim_DEVIM)
DRV:64bit: - [2013/11/26 13:26:32 | 000,700,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_im.sys -- (Uim_IM)
DRV:64bit: - [2013/11/26 13:26:32 | 000,102,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\UimBus.sys -- (UimBus)
DRV:64bit: - [2013/11/26 13:26:30 | 000,034,056 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/05 20:28:18 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2013/02/16 22:11:42 | 000,105,280 | ---- | M] (M-Files Corporation) [File_System | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFFSD.sys -- (MFFSDCE226221-400E-4813-A98D-44DD7E269D32)
DRV:64bit: - [2013/02/16 22:10:58 | 000,022,336 | ---- | M] (M-Files Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFVDD.sys -- (MFVDD97C82C14-5040-40A9-AFC1-442DBE92CBE8)
DRV:64bit: - [2012/12/18 15:05:06 | 000,105,112 | ---- | M] (Miray) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvd.sys -- (MirayVirtualDisk)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/09/24 18:12:02 | 000,015,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2012/09/24 18:12:02 | 000,015,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2012/08/23 07:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/12/21 10:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/12/21 10:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2013/05/31 05:02:09 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 0D 5F 79 01 8D CF 01 [binary data]
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@playon.tv/PlayOnToolbar: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\MrZ\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\MrZ\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3c9761ad-a43d-4447-b924-f5d83cb48063}: C:\Program Files (x86)\Zend\Zend Studio 9.0.1\toolbars\firefox [2012/10/14 11:36:42 | 000,000,000 | ---D | M]
[2013/12/01 11:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\extensions
[2012/08/25 17:50:01 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/08/02 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/19 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/09/27 09:59:30 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/10/17 12:23:22 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.10_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.11_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.3.8_0\
CHR - Extension: Chrome RDP = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch\4.4.2_0\
CHR - Extension: Google Search = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iCloud Bookmarks = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\30.0.1599.86_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.63_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.99_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.125_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.126_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\33.0.1750.126_0\~
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_0\
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_1\
CHR - Extension: PlayOn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj\1.0_2\
CHR - Extension: ActiveX for Chrome = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgllffgicojgllpmdbemgglaponefajn\1.5.0.7_0\
CHR - Extension: CSS3Clock = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoeghbchhecmmnlkgpoljfpdggoffbi\1.1.5_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1078_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1080_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1082_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: AccessNow by Ericom (RDP client) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\npaobnlmoaflieppdiljaekgeemaplhe\2.1.0.1_0\
CHR - Extension: GreatArcadeHits = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: LogMeIn = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\
CHR - Extension: Gmail = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_0\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_1\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_2\
O1 HOSTS File: ([2014/05/31 12:49:11 | 000,000,045 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.235.90.58 pmicfehfblhebdfbhfgmmfcaikafckac
O2:64bit: - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {56bc31de-97ab-4563-8599-ad5d4e9800f9} - No CLSID value found.
O2:64bit: - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files (x86)\Zend\Zend Studio 9.0.1\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O3 - HKLM\..\Toolbar: (PlayOn) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [M-Files Status 9.0.3372.41] C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe (M-Files Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\.DEFAULT..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-18..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [SkyDrive] C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9:64bit: - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O9 - Extra 'Tools' menuitem : PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logme...scueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://control.itsu...nts/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://docstar.webe...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1058 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A47527-624A-430E-829B-1177324A0A7A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/16 15:33:00 | 000,000,032 | -H-- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/08/13 20:47:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
[2014/08/12 19:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/12 19:33:14 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/12 19:33:06 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/12 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/12 19:33:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/12 19:33:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/10 18:17:25 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Roaming\30765
[2014/08/09 18:53:39 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Roaming\TeamViewer
[2014/08/09 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/08/02 16:01:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/02 16:00:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\MrZ\Desktop\JRT.exe
[2014/08/02 15:54:16 | 001,942,776 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\MrZ\Desktop\rkill.exe
[2014/07/21 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\MrZ\AppData\Local\Adobe
[2014/07/20 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
========== Files - Modified Within 30 Days ==========
[2014/08/13 21:00:58 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/08/13 20:48:41 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/13 20:48:22 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 20:48:22 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 20:47:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrZ\Desktop\OTL.exe
[2014/08/13 20:46:48 | 000,823,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/13 20:46:48 | 000,695,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/13 20:46:48 | 000,131,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/13 20:41:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/13 20:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/13 20:41:01 | 1744,183,295 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/13 05:11:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/12 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\At1.job
[2014/08/12 19:33:02 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/12 19:33:01 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/12 19:33:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/12 19:33:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/12 19:26:32 | 005,074,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/10 12:26:00 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - MrZ).job
[2014/08/09 18:53:37 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/02 18:11:03 | 000,838,450 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/02 16:00:40 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\MrZ\Desktop\JRT.exe
[2014/08/02 15:58:22 | 001,361,309 | ---- | M] () -- C:\Users\MrZ\Desktop\adwcleaner_3.302.exe
[2014/08/02 15:54:24 | 001,942,776 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\MrZ\Desktop\rkill.exe
[2014/07/19 09:09:26 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2014/07/19 09:09:26 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2014/07/19 09:09:26 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
========== Files Created - No Company Name ==========
[2014/08/09 18:53:37 | 000,001,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/08/09 18:53:37 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/02 15:58:18 | 001,361,309 | ---- | C] () -- C:\Users\MrZ\Desktop\adwcleaner_3.302.exe
[2014/05/03 08:14:56 | 000,000,856 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/19 16:28:28 | 000,004,608 | ---- | C] () -- C:\Users\MrZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/17 23:20:21 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2014/01/17 23:19:49 | 000,000,074 | ---- | C] () -- C:\Windows\Crypkey.ini
[2014/01/17 23:19:47 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2014/01/17 23:19:47 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2014/01/17 23:19:47 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/12/06 20:47:03 | 000,000,282 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/10/10 14:35:10 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2012/11/19 22:37:12 | 000,000,600 | ---- | C] () -- C:\Users\MrZ\PUTTY.RND
[2012/10/14 11:41:43 | 000,000,005 | -H-- | C] () -- C:\Users\MrZ\.zs
[2012/09/27 20:14:29 | 000,012,354 | ---- | C] () -- C:\Users\MrZ\barcodei4.php
[2012/09/27 20:06:51 | 000,012,354 | ---- | C] () -- C:\Users\MrZ\barcodei3.php
[2012/09/23 21:08:37 | 000,007,618 | ---- | C] () -- C:\Users\MrZ\AppData\Local\Resmon.ResmonCfg
[2012/09/16 12:49:56 | 000,002,558 | ---- | C] () -- C:\Users\MrZ\index2.php
[2012/09/15 16:39:15 | 000,002,493 | ---- | C] () -- C:\Users\MrZ\iisstart.php
[2012/08/30 20:26:35 | 000,000,100 | ---- | C] () -- C:\Windows\1FB169BC-703B-4282-BD96-2CCF743D3814.ini
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\eclipse
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ISIS Drivers
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\eclipse
[2014/01/11 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ISIS Drivers
[2014/08/10 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\30765
[2013/11/25 20:18:33 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\5779
[2012/09/23 20:58:07 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Canneverbe Limited
[2013/11/30 11:41:11 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Dropbox
[2014/02/14 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\DVDFab9
[2014/06/06 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\eclipse
[2014/02/09 00:56:35 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Eye-Fi
[2012/09/10 18:52:26 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Imagenomic
[2014/01/11 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\ISIS Drivers
[2012/09/03 21:16:26 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\JAM Software
[2013/11/03 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Netscape
[2012/09/09 20:45:12 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Notepad++
[2013/06/19 20:18:16 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Oracle
[2013/11/03 17:49:52 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Photodex
[2013/11/28 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\redsn0w
[2013/07/31 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Serif
[2014/08/10 11:05:07 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TeamViewer
[2014/01/19 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TechSmith
[2012/11/19 21:34:57 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\TightVNC
[2014/02/09 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\Titanium
[2014/03/26 08:44:39 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\uTorrent
[2012/08/24 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\White Peak Software
[2014/06/19 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\MrZ\AppData\Roaming\XBMC
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 19:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< MD5 for: RPCSS.DLL >
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A9967A61
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F4C624DE
< End of report >
OTL Extras logfile created on: 8/13/2014 8:59:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrZ\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.50 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 60.55% Memory free
15.00 Gb Paging File | 11.50 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.22 Gb Total Space | 60.11 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 870.81 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 29.86 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive F: | 27.84 Gb Total Space | 27.30 Gb Free Space | 98.05% Space Free | Partition Type: FAT32
Drive J: | 100.97 Mb Total Space | 70.54 Mb Free Space | 69.86% Space Free | Partition Type: NTFS
Drive P: | 1862.92 Gb Total Space | 569.71 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Gb Total Space | 60.11 Gb Free Space | 60.11% Space Free | Partition Type: MFilesFS
Computer Name: WIN7SSD | User Name: MrZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Value error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Value error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222F7A3-5683-4EB4-B21C-166CF5585407}" = rport=138 | protocol=17 | dir=out | app=system |
"{03EC3CE2-51B9-45B2-A4DF-A62EDBD28138}" = lport=9083 | protocol=6 | dir=in | name=remote potato - 9083 inbound |
"{084F0E30-BA53-4052-BC60-BFDA68B7E565}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E0E94BB-AF0E-43E0-AFF2-8668B7D21584}" = lport=9082 | protocol=6 | dir=in | name=remote potato - 9082 inbound |
"{2BCBDCBE-F242-4044-84BA-126456AFD7D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B1E7657-5255-42E7-A3D9-DDCF5961E6E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{44A650D4-7675-4B83-97E7-904DC20DD487}" = lport=137 | protocol=17 | dir=in | app=system |
"{48A52161-0F56-4178-AD0F-E94CC22B4590}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{544CC461-6F63-438F-ABA3-1B56E0C7A8E8}" = lport=9081 | protocol=6 | dir=in | name=remote potato - 9081 inbound |
"{54FF6518-DD58-441A-AA9D-4D4DA9D72D43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{56B980F9-942A-4402-A16D-334698AD070D}" = lport=9080 | protocol=6 | dir=in | name=remote potato - 9080 inbound |
"{58C539EC-D457-4E2B-8CC8-C9A530119105}" = lport=138 | protocol=17 | dir=in | app=system |
"{59017C71-38C2-4D85-94A6-CE466C63B339}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{5F30FF4F-092C-4E01-AF52-E460941E7A80}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
"{67FEA594-42F0-4C21-AAD6-FB133B8B1BB5}" = rport=137 | protocol=17 | dir=out | app=system |
"{720DD41E-BAE6-45C5-8ABC-3DCD398453A0}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{7248419C-A5CD-4B9F-9354-8BBAE881CDCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E00A694-2FCD-4D4C-95AD-9E2D2D975491}" = lport=9083 | protocol=6 | dir=out | name=remote potato - 9083 outbound |
"{8868E248-1703-4FFC-939C-E4A4FD7F7105}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\proc.exe |
"{AEBF9973-7B65-4148-BC77-6C64B97CDACB}" = lport=445 | protocol=6 | dir=in | app=system |
"{CFF35435-A652-4720-8BDB-C1B8C867CB2E}" = lport=9081 | protocol=6 | dir=out | name=remote potato - 9081 outbound |
"{DE0C3468-6D77-414E-B377-A57A7F2ACF5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1601385-1421-47F0-87E0-F327B86AE778}" = lport=9082 | protocol=6 | dir=out | name=remote potato - 9082 outbound |
"{EC6D74EA-2C80-4529-95D7-F4138D187C2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEA56AE0-17F9-47F3-828F-4D68468687D3}" = lport=3128 | protocol=6 | dir=in | app=c:\program files (x86)\bench\proxy\pwdg.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13FFD98D-2D58-4626-97A0-593FD6F07F38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{244327EF-6AD9-4E98-8611-1234D0B786EB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{28B056F5-0222-4B16-9301-B37FB9B6F675}" = protocol=58 | dir=out | [email protected],-28546 |
"{28B598B6-CCDF-4937-841F-4E50324102D2}" = dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"{29736CF3-A273-4B62-9AE8-E0A39BAA8C04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{37C95DE0-9E08-41F9-9AE7-4C094800DAC7}" = dir=in | app=c:\users\mrz\appdata\local\microsoft\skydrive\skydrive.exe |
"{3C15D36E-ED4E-4091-9034-316041AD53E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{3D47C613-3B88-49EC-BFB1-87650F43EC79}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{48403891-0DC7-40FA-82AD-99CE2AD7AC3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{491C4BD4-BAB2-4A9E-90B4-72D991AECB1B}" = dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{5A529716-1317-41E8-90E6-B5CC7B38870C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{643145AA-538D-4564-B34B-ECEC6E001BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{75DC6360-108D-464F-AA29-766E55426748}" = protocol=1 | dir=out | [email protected],-28544 |
"{768E87CA-3A87-4293-9077-A13798ECE7BC}" = protocol=17 | dir=in | app=c:\users\mrz\appdata\roaming\utorrent\utorrent.exe |
"{7B6B2FF4-6723-4C96-97F8-89BD28815386}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F9096F7-EB12-45BA-A3B5-5FBB8CDCDE9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80B2A321-845F-4D33-8EB3-D6C1E3C54857}" = protocol=1 | dir=in | [email protected],-28543 |
"{81B84C98-7713-472D-ACF2-F5DD5509442C}" = dir=in | app=c:\program files (x86)\mediamall\playmark.exe |
"{859B7060-38C1-4578-ACF0-6FF79952FDA4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{86BD1267-9188-42CE-9ABF-61291307630D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{8EC675EE-431A-4C90-937B-3CDDE55EACB8}" = protocol=58 | dir=out | [email protected],-503 |
"{8F0C681A-B825-4002-8F90-46F5E8B1F3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{911A3E7E-53F0-4B3B-BE7C-8FE401C2E47B}" = protocol=58 | dir=in | app=system |
"{9D910501-3CFD-48B9-9E58-C2CCD36865B2}" = protocol=58 | dir=in | [email protected],-28545 |
"{A12A3C39-19E1-40B2-A789-709B90E04796}" = protocol=6 | dir=in | app=c:\users\mrz\appdata\roaming\utorrent\utorrent.exe |
"{AA7DAFB0-EFFF-4ACC-B84B-D4F0D7C25D85}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D52174E6-6911-4DE4-9926-00A2D09A7C68}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{E766AB89-6632-4995-B225-15DFDED8C901}" = dir=in | app=c:\program files (x86)\mediamall\playlater.exe |
"{EEB94B36-F51C-4CA5-AE7E-6A8ADA812C30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{F372DDEC-993C-4988-B9CB-F18C1C823BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"TCP Query User{8A4E8C65-54AA-48CF-A296-3593EDC7A574}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BEEC2C70-E5F6-4197-A3BA-C541BD661B34}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1" = PDF-XChange 2012
"{54E6C675-3AD4-42E4-957F-31666ABF1603}" = Adobe Photoshop Lightroom 5.2 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{619A89DE-5F01-11E2-85E8-000C2982512D}" = Paragon Hard Disk Manager™ 14 Premium Edition
"{6C4958DF-4B1A-4290-947B-5F6AFDC74398}" = AirParrot
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-00D1-0409-1000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{97E3E5AA-72FA-45D3-98FF-4C5E321D8555}" = M-Files 9.0.3372.41
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}" = Oracle VM VirtualBox 4.3.12
"{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}" = Adobe Photoshop Lightroom 4.2 64-bit
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E851486F-1FE2-44F0-85ED-F969088A68EE}" = PHP Manager 1.2 for IIS 7
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HitmanPro37" = HitmanPro 3.7
"ImagenomicPortraitureLightroomPlugin" = Imagenomic Portraiture 2.2 Lightroom Plug-in (build 2207)
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{262425E7-A5A0-5630-8FB2-FE6E6A650872}" = Boot Media Builder for Paragon Hard Disk Manager™ 12 Server
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{489687BC-3B2A-401F-920B-0B1E97DDB287}" = Eclipse OCR Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5ABDB125-7725-40B6-A1E3-B7D8BFFAA303}" = PlayLater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}" = ImageRescue3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7764F7B0-7225-4145-82B6-2AB4540D33A6}" = Eye-Fi Center 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B6D00DA-AE9D-44B3-A91B-4695AA803B3F}" = Serif Premium Image Collection 6
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9489257A-CED5-45E7-8D16-7B20A2E48744}" = PlayOn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A73D4BEE-2BBE-4285-BF6C-4B8C7C001630}" = Zend Studio 9.0.1
"{A7727F03-5311-4A12-9A63-2ACD20BA0497}" = Camtasia Studio 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C6FEBDB4-DC98-4D10-A659-B3EB49DC2FFF}" = Eclipse ISIS Scanning Support
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v5
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}" = Citrix Online Launcher
"{F1C324A1-5562-4956-BF70-253825D53F87}" = Eclipse Imaging Support
"{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}" = LogMeIn
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"CleanUp!" = CleanUp!
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DVDFab 9.0.7.2 Final9.0.7.2" = DVDFab 9.0.7.2 Final
"Google Chrome" = Google Chrome
"HDClone.Professional.4.2.2.1033-{C5DE40C1-8962-4998-9A4C-E2B1130723F3}" = HDClone 4.2 Professional Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NirSoft ProduKey" = NirSoft ProduKey
"Notepad++" = Notepad++
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"ProShow Plugins for Lightroom" = ProShow Plugins for Lightroom
"RealFlight7Pro" = RealFlight 7 R/C Simulator
"SMTP Diagnostics_is1" = SMTP Diagnostics 1.8.0.74
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair
"TeamViewer 9" = TeamViewer 9
"TreeSize Free_is1" = TreeSize Free V2.7
"VirtualCloneDrive" = VirtualCloneDrive
"XXConsole" = XXConsole: Super Console Generator ver 0.96
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2674156391-257221273-1192923396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3ac04dc8eedef7" = Web Launcher
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/11/2014 3:00:02 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:28:07 PM | Computer Name = Win7ssd | Source = WinMgmt | ID = 10
Description =
Error - 8/12/2014 10:32:40 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:32:41 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:32:41 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/12/2014 10:33:00 PM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 1:03:58 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 3:00:00 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 6:47:35 AM | Computer Name = Win7ssd | Source = System Restore | ID = 8193
Description =
Error - 8/13/2014 11:42:51 PM | Computer Name = Win7ssd | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 8/13/2014 8:38:41 AM | Computer Name = Win7ssd | Source = DCOM | ID = 10010
Description =
Error - 8/13/2014 11:42:39 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:46:04 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:47:56 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:52:26 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:52:59 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:58:02 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/13/2014 11:58:47 PM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/14/2014 12:03:19 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
Error - 8/14/2014 12:05:09 AM | Computer Name = Win7ssd | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
< End of report >
You did the scans just fine.
So, a couple of things: uTorrent and Hitman Pro. I am going to place my P2P warning below, and please read it. It pertains to your uTorrent software and the likely source of your issues.
Hitman Pro is utter dross! Not only does it do very little on the positive side, it has been causing crashes and unbootable systems. Please uninstall both uTorrent and Hitman before you run the other tools.
Be warned:
P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords and private or financial data were exposed to the file sharing network because of bad P2P configuration.
And, while you are in the Control Panel > Add/Remove Programs... uninstall HitMan Pro too, please.
Fix with OTL
Please re-run OTL with this removal script included.
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
:Commands
[CREATERESTOREPOINT]
:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/09/27 09:59:30 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/01 11:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\extensions
[2014/08/02 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/19 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrZ\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_0\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_1\
CHR - Extension: Atomic Savings = C:\Users\MrZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmicfehfblhebdfbhfgmmfcaikafckac\1.0_2\
O2:64bit: - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.
O2:64bit: - BHO: (no name) - {56bc31de-97ab-4563-8599-ad5d4e9800f9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-18..\Run: [RemotePotatoIRHelper] C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe File not found
O4 - HKU\S-1-5-21-2674156391-257221273-1192923396-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[reboot]
Please include the content of this logfile in your next reply and let me know if we've eliminated the Atomic Ads. If not, I have other ideas. If we have, there is additional clean up to do, so please come back.
The computer froze. I am running it again to see if it will go through the second time.
The freezing is disconcerting. Honestly, right now I don't see anything in the OTL scan that would account for locking up the machine. Yes, there are some "minor" spyware/adware issues that require tidying up, but nothing significant. It is possible that there is something more insidious lurking, but honestly I'm leaning more toward a Hardware issue.
Before I turn you over to our Hardware folks, let's see if we can't clean what is there. If you don't mind trying the Fix again, that would be great.
Ok, I ran it again. This time the machine is still working, but the app does not appear to be progressing; it says "Not responding" at the top and, at the bottom, "Processing PRC - File not found --..." Maybe I entered something wrong?
Ok, let's try a different attack plan.
Boot to Safe Mode. If you don't know how to do that, here are instructions.
Boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to boot up in, press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.
Scan with aswMBR
Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!
Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!
Scan with Gmer
This type of scan often produces false positives. At no point should you take any action on any suspicious entries you may see there. Instead, post the log to be analyzed.
Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
When the pre-scan is completed, please do the following:
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!
If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-17 20:05:06
-----------------------------
20:05:06.877 OS Version: Windows x64 6.1.7601 Service Pack 1
20:05:06.877 Number of processors: 6 586 0xA00
20:05:06.878 ComputerName: WIN7SSD UserName: MrZ
20:05:13.094 Initialize success
20:05:13.126 VM: initialized successfully
20:05:13.133 VM: Amd CPU supported
20:05:17.248 VM: supported disk I/O ataport.SYS
20:09:05.584 AVAST engine defs: 14081701
20:09:10.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:09:10.025 Disk 0 Vendor: Corsair_Force_3_SSD 5.02 Size: 228936MB BusType: 3
20:09:10.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-8
20:09:10.035 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
20:09:10.041 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
20:09:10.047 Disk 2 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
20:09:10.058 Disk 0 MBR read successfully
20:09:10.060 Disk 0 MBR scan
20:09:10.065 Disk 0 Windows 7 default MBR code
20:09:10.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
20:09:10.072 Disk 0 default boot code
20:09:10.079 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228577 MB offset 718848
20:09:10.092 Disk 0 scanning C:\Windows\system32\drivers
20:09:13.708 Service scanning
20:09:25.581 Modules scanning
20:09:25.593 Disk 0 trace - called modules:
20:09:25.605 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:09:25.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c81060]
20:09:25.623 3 CLASSPNP.SYS[fffff8800194143f] -> nt!IofCallDriver -> [0xfffffa800664d670]
20:09:25.632 5 ACPI.sys[fffff88000f8f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006a5f060]
20:09:25.979 AVAST engine scan C:\Windows
20:09:27.058 AVAST engine scan C:\Windows\system32
20:13:39.315 AVAST engine scan C:\Windows\system32\drivers
20:13:45.314 AVAST engine scan C:\Users\MrZ
20:19:21.806 AVAST engine scan C:\ProgramData
20:21:54.571 Scan finished successfully
21:09:10.076 Disk 0 MBR has been saved successfully to "C:\Users\MrZ\Desktop\MBR.dat"
21:09:10.079 The log file has been saved successfully to "C:\Users\MrZ\Desktop\aswMBR.txt"
Have you had a chance to run GMER?
I am having trouble sending it; is it too large? Suggestions?
Try dividing it into pieces and putting each piece in a separate post. I'll be able to read it regardless.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-18 05:32:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Corsair_Force_3_SSD rev.5.02 223.57GB
Running: s5fzlukh.exe; Driver: C:\Users\MrZ\AppData\Local\Temp\kwrdqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031ef000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031ef02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776f1360 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776f1560 8 bytes JMP 000000016fff0110
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0148
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077486ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077488184 7 bytes JMP 000000016fff0880
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SetParent 0000000077488530 8 bytes JMP 000000016fff0730
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!PostMessageA 000000007748a404 5 bytes JMP 000000016fff0308
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!EnableWindow 000000007748aaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!MoveWindow 000000007748aad0 8 bytes JMP 000000016fff0768
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007748c720 5 bytes JMP 000000016fff06c0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007748cd50 8 bytes JMP 000000016fff0848
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007748d2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageA 000000007748d338 5 bytes JMP 000000016fff03e8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007748dc40 9 bytes JMP 000000016fff0570
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007748f510 7 bytes JMP 000000016fff08b8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007748f874 9 bytes JMP 000000016fff0298
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007748fac0 9 bytes JMP 000000016fff0490
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077490b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077494d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!GetKeyState 0000000077495010 5 bytes JMP 000000016fff0688
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077495438 7 bytes JMP 000000016fff0500
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageW 0000000077496b50 5 bytes JMP 000000016fff0420
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!PostMessageW 00000000774976e4 7 bytes JMP 000000016fff0340
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007749dd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!GetClipboardData 000000007749e874 5 bytes JMP 000000016fff0810
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007749f780 8 bytes JMP 000000016fff07a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000774a28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!mouse_event 00000000774a3894 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000774a8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000774a8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000774a8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendInput 00000000774a8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!BlockInput 00000000774aad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000774d14e0 5 bytes JMP 000000016fff0928
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!keybd_event 00000000774f45a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000774fcc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000774fdf18 7 bytes JMP 000000016fff04c8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776f1360 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776f1560 8 bytes JMP 000000016fff0110
.text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0148
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefdab3e80 5 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077486ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077488184 7 bytes JMP 000000016fff0880
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SetParent 0000000077488530 8 bytes JMP 000000016fff0730
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!PostMessageA 000000007748a404 5 bytes JMP 000000016fff0308
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!EnableWindow 000000007748aaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!MoveWindow 000000007748aad0 8 bytes JMP 000000016fff0768
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007748c720 5 bytes JMP 000000016fff06c0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007748cd50 8 bytes JMP 000000016fff0848
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007748d2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageA 000000007748d338 5 bytes JMP 000000016fff03e8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007748dc40 9 bytes JMP 000000016fff0570
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007748f510 7 bytes JMP 000000016fff08b8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007748f874 9 bytes JMP 000000016fff0298
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007748fac0 9 bytes JMP 000000016fff0490
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077490b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077494d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!GetKeyState 0000000077495010 5 bytes JMP 000000016fff0688
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077495438 7 bytes JMP 000000016fff0500
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageW 0000000077496b50 5 bytes JMP 000000016fff0420
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!PostMessageW 00000000774976e4 7 bytes JMP 000000016fff0340
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007749dd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!GetClipboardData 000000007749e874 5 bytes JMP 000000016fff0810
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007749f780 8 bytes JMP 000000016fff07a0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000774a28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!mouse_event 00000000774a3894 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000774a8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000774a8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000774a8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendInput 00000000774a8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!BlockInput 00000000774aad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000774d14e0 5 bytes JMP 000000016fff0928
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!keybd_event 00000000774f45a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000774fcc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000774fdf18 7 bytes JMP 000000016fff04c8
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0378
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\lsass.exe[708] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\lsm.exe[716] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefdab3e80 5 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0378
.text C:\Windows\system32\svchost.exe[872] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefdab3e80 5 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0378
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\atiesrxx.exe[744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\System32\svchost.exe[712] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefdab3e80 5 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0378
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\HitmanPro\hmpsched.exe[1364] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\atieclxx.exe[1412] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefdab3e80 5 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0378
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfclient.exe[1820] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1916] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
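The listing above is GMER's user-mode `.text` hook report: one line per patched export, giving the process and PID, the module and export that was patched, the patched address, how many bytes were overwritten, and where the inline JMP lands. As an added example (not part of the post, and not GMER's own code), the Python below parses that format and groups the jump targets by region, so an analyst can check whether every process is being redirected into the same trampoline area, which is what a single hooking DLL loaded at one base looks like, or whether some hook lands somewhere else. The sample lines are copied from the log above; the function and field names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the GMER hook listing posted above.
# The parser itself is an added example, not part of the post or of GMER.
SAMPLE_LOG = r"""
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"           # image path and PID
    r"(?P<module>\S+?)!(?P<func>\S+)(?P<cont> \+ \d+)?\s+"   # module!export, optional "+ N" tail
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes?\s+"      # patched address and length
    r"(?P<patch>.+)$"                                        # the patch, e.g. "JMP 0000..."
)
TARGET_RE = re.compile(r"JMP\s+(?:0x)?([0-9a-fA-F]+)")


@dataclass(frozen=True)
class Hook:
    process: str        # image file name, lower-cased
    pid: int
    module: str         # patched module file name, lower-cased
    func: str           # patched export
    addr: int           # address of the overwritten bytes
    size: int           # number of bytes overwritten
    target: int         # JMP destination (a displacement, not an address, on "+ N" tails)
    wow64: bool         # True when the module is the SysWOW64 copy (32-bit process)
    continuation: bool  # True for the "+ N" line that completes a two-part patch


def parse_hooks(text):
    """Parse GMER '.text' hook lines; other record types are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m["patch"])
        if not t:
            continue  # not a JMP patch
        module_path = m["module"]
        hooks.append(Hook(
            process=m["proc"].rsplit("\\", 1)[-1].lower(),
            pid=int(m["pid"]),
            module=module_path.rsplit("\\", 1)[-1].lower(),
            func=m["func"],
            addr=int(m["addr"], 16),
            size=int(m["size"]),
            target=int(t.group(1), 16),
            wow64="syswow64" in module_path.lower(),
            continuation=m["cont"] is not None,
        ))
    return hooks


def trampoline_regions(hooks, granularity=0x100000):
    """Map (wow64, 1 MiB-aligned target region) -> set of (process, pid) jumping into it."""
    regions = defaultdict(set)
    for h in hooks:
        if h.continuation:
            continue  # tails carry a relative displacement, not a destination
        regions[(h.wow64, h.target & ~(granularity - 1))].add((h.process, h.pid))
    return dict(regions)


def inconsistent_targets(hooks, granularity=0x100000):
    """Return (wow64, module, func) keys whose hooks do not all land in one region."""
    per_func = defaultdict(set)
    for h in hooks:
        if not h.continuation:
            per_func[(h.wow64, h.module, h.func)].add(h.target & ~(granularity - 1))
    return sorted(k for k, v in per_func.items() if len(v) > 1)


def hooked_functions_by_process(hooks):
    """Map (process, pid) -> sorted 'module!func' names hooked in that process."""
    out = defaultdict(set)
    for h in hooks:
        if not h.continuation:
            out[(h.process, h.pid)].add(f"{h.module}!{h.func}")
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for (wow64, base), procs in sorted(trampoline_regions(hooks).items()):
        arch = "wow64" if wow64 else "x64"
        print(f"{arch:5} region {base:#014x}: {len(procs)} process(es) {sorted(procs)}")
    print("functions with more than one target region:", inconsistent_targets(hooks))
```

On the lines shown, both 64-bit processes jump to the same region for their ntdll hooks and the WOW64 process into a single 32-bit region, and nothing is flagged as inconsistent. The "1 byte JMP" line and its "+ 2" tail are one two-part patch on the same export; the tail is kept out of the region analysis because its braced value is a negative relative displacement rather than an absolute address. The log alone does not say what installed the hooks, so the next step is to resolve the target address to a loaded module in each process rather than to treat the hooks as malicious on sight.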