
Solved: Cannot Remove Adware PLEASE HELP!


rahuls1392
Member with 4 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 02:25 AM #1
Cannot Remove Adware PLEASE HELP!
Hello

I currently am having some adware issues. I keep getting popups that randomly come up no matter what website I'm on. I'm pretty sure it has to do with a program I uninstalled called FirstRowSport Desktop App. The ads I get are from RedOrbit or download4free.org and some other random sites. Please HELP because they are a real pain! Here are my logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:38 PM, on 3/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [autoauto] c.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A430X505PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rahul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe" --startup
O4 - Startup: Dropbox.lnk = Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15883 bytes







DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Rahul at 23:00:57 on 2013-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3145 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\splwow64.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.espn.com/
uProxyOverride = localhost;127.0.0.1;<local>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A430X505PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [Google Update] "C:\Users\Rahul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [ChromeFrameHelper] "C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe" --startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [autoauto] c.bat
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Rahul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\0557E6A61626960235771676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\25168657C62E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\3547574656E64737D25535369656E6365637 : DHCPNameServer = 10.1.10.222 10.1.10.202
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\73B4F4B413 : DHCPNameServer = 192.168.1.1 162.150.8.16
TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\7457563747D25535369656E6365637 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{6BC704D3-C52F-4583-8471-A19B14B93D76} : DHCPNameServer = 172.26.38.1 172.26.38.2
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-12 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-11 89600]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-14 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-14 2375168]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-14 2656280]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-7-30 32880]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-18 77936]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iscFlash;iscFlash;C:\SWSetup\sp60704\iscflashx64.sys [2013-3-4 49216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-14 335464]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-6 1255736]
S4 KCTRP;KCTRP;C:\Program Files\ColdTurkey\kctrp_srv.exe [2012-4-4 40960]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-06 06:14:22 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4810774-2651-400B-A6B4-4973E6D278D3}\mpengine.dll
2013-03-05 11:07:17 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-03 00:33:05 -------- d-----w- C:\Program Files\iPod
2013-03-03 00:33:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-03 00:33:04 -------- d-----w- C:\Program Files\iTunes
2013-03-03 00:33:04 -------- d-----w- C:\Program Files (x86)\iTunes
2013-03-02 22:50:09 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 00:03:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-02-17 07:21:43 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE53D3C-E7ED-481D-A05C-BB304366B6A5}\gapaengine.dll
2013-02-17 07:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-02-17 07:20:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-02-17 05:16:27 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-17 05:16:14 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-17 05:16:05 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-17 05:15:57 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-16 23:32:05 -------- d-----w- C:\Users\Rahul\AppData\Roaming\Malwarebytes
2013-02-16 23:31:57 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 18:04:26 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 18:04:26 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 00:17:16 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 00:17:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:17:15 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 00:17:07 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 00:17:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 00:17:06 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 00:17:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 00:17:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 00:17:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 00:17:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 00:17:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 00:17:03 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-12 22:53:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-02-12 22:53:27 -------- d-----w- C:\Users\Rahul\AppData\Roaming\DAEMON Tools Pro
2013-02-12 22:53:24 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2013-02-12 22:46:47 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-02-11 23:40:12 -------- d-----w- C:\Users\Rahul\AppData\Local\{88978023-17CE-4A95-82EA-F268F8CD3190}
2013-02-11 23:09:40 -------- d-----w- C:\a
.
==================== Find3M ====================
.
2013-03-02 22:49:58 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-02 22:49:57 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-26 22:00:09 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 22:00:09 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-20 19:10:12 741 ----a-w- C:\Windows\SysWow64\lod1.vbs
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-13 18:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-12-13 18:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
.
============= FINISH: 23:03:48.29 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/3/2011 11:21:23 AM
System Uptime: 3/5/2013 10:37:12 AM (37 hours ago)
.
Motherboard: Hewlett-Packard | | 1650
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 2277/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 246.768 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.547 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP195: 2/26/2013 6:38:29 PM - Windows Update
RP196: 2/26/2013 7:03:47 PM - Windows Update
RP197: 3/1/2013 9:53:59 PM - Windows Update
RP198: 3/2/2013 5:48:44 PM - Removed Java(TM) 6 Update 39
RP199: 3/2/2013 5:49:38 PM - Installed Java 7 Update 15
RP200: 3/3/2013 10:08:33 PM - Removed VLC Amigo Setup
RP201: 3/4/2013 12:06:12 PM - Removed Plex Media Server
RP202: 3/4/2013 3:18:54 PM - HPSF Applying updates
RP203: 3/4/2013 3:18:54 PM - HPSF Applying updates
RP204: 3/4/2013 9:52:47 PM - Removed Halo 2 for Windows Vista
RP205: 3/5/2013 6:06:52 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AuthenTec TrueAPI
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cold Turkey version 0.6
D3DX10
DAEMON Tools Pro
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dropbox
Energy Star Digital Logo
Farm Frenzy
FATE - The Traitor Soul
Google Chrome
Google Chrome Frame
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Deskjet 3050A J611 series Product Improvement Study
HP Documentation
HP Games
HP MediaSmart Webcam
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HP Update
HPDiagnosticAlert
iCloud
IDT Audio
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
iTunes
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Junk Mail filter update
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mathematics (64-bit)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
NVIDIA PhysX
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shockwave
Skype™ 5.10
Slingo Supreme
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Validity WBF DDK
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.5
VLC Setup Helper
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Zuma Deluxe
.
==== End Of File ===========================






GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-03-07 01:19:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596.17GB
Running: gmer.exe; Driver: C:\Users\Rahul\AppData\Local\Temp\pwlorpog.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
.text ... * 9
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
.text C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe[3792] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE [2376:6692] 00000000753246fa
Thread C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE [2376:6760] 000000005b5dc594
---- Processes - GMER 2.0 ----

Library C:\Program (*** suspicious ***) @ C:\Windows\Explorer.EXE [3476] 000007fefb690000
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [6728] 0000000071990000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 21514

---- Files - GMER 2.0 ----

File C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001712 0 bytes
File C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001713 0 bytes

---- EOF - GMER 2.0 ----


Thanks in advance!
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Mar-2013, 09:38 AM #2
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
rahuls1392
Member with 4 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 05:25 PM #3
# AdwCleaner v2.114 - Logfile created 03/07/2013 at 16:24:53
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rahul - RAHULSPC
# Boot Mode : Normal
# Running from : C:\Users\Rahul\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Rahul\AppData\Local\Babylon
Folder Found : C:\Users\Rahul\AppData\Local\Conduit
Folder Found : C:\Users\Rahul\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Rahul\AppData\LocalLow\Conduit
Folder Found : C:\Users\Rahul\AppData\Roaming\Babylon
Folder Found : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-3381474868-4023708455-3436545268-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=3[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109035");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "365d51760000000000002c4138121a7a");
Found : user_pref("extensions.BabylonToolbar_i.id", "365d51760000000000002c4138121a7a");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:04:34");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp498.498.affid", "0");
Found : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1318887292");
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.expiration", "Mon Oct 24 2011 17:35:52 GM[...]
Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Tom[...]
Found : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
Found : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
Found : user_pref("extensions.crossriderapp498.498.emailsig", "");
Found : user_pref("extensions.crossriderapp498.498.exposesites", "");
Found : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp498.498.group", 0);
Found : user_pref("extensions.crossriderapp498.498.homepage", "");
Found : user_pref("extensions.crossriderapp498.498.iframe", false);
Found : user_pref("extensions.crossriderapp498.498.js", "\n\n(function($) { \n\n $.geoplugin = function(o[...]
Found : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php");
Found : user_pref("extensions.crossriderapp498.498.ver", 36);
Found : user_pref("extensions.crossriderapp498.apps", "498");
Found : user_pref("extensions.crossriderapp498.bic", "13313cfc5fcafc4ec894f37e3ccdaa91");
Found : user_pref("extensions.crossriderapp498.cid", 498);
Found : user_pref("extensions.crossriderapp498.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp498.installationdate", 1318887344);
Found : user_pref("extensions.crossriderapp498.jsver", 3);
Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "52174561");
Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Mon%20Oct%2017%202011%2017%3A[...]
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109035&babsrc=KW_ss&mntrId=365d5176000000[...]

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7583 octets] - [07/03/2013 16:24:53]

########## EOF - C:\AdwCleaner[R1].txt - [7643 octets] ##########
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Mar-2013, 06:17 AM #4
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

Tell us if all the problems have been solved or if you still have any.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
rahuls1392 rahuls1392 is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Mar 2013
08-Mar-2013, 07:56 AM #5
# AdwCleaner v2.114 - Logfile created 03/08/2013 at 06:50:42
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rahul - RAHULSPC
# Boot Mode : Normal
# Running from : C:\Users\Rahul\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Rahul\AppData\Local\Babylon
Folder Deleted : C:\Users\Rahul\AppData\Local\Conduit
Folder Deleted : C:\Users\Rahul\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Rahul\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rahul\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\prefs.js

C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=3[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109035");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "365d51760000000000002c4138121a7a");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "365d51760000000000002c4138121a7a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:04:34");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp498.498.affid", "0");
Deleted : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1318887292");
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.expiration", "Mon Oct 24 2011 17:35:52 GM[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Tom[...]
Deleted : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
Deleted : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
Deleted : user_pref("extensions.crossriderapp498.498.emailsig", "");
Deleted : user_pref("extensions.crossriderapp498.498.exposesites", "");
Deleted : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp498.498.group", 0);
Deleted : user_pref("extensions.crossriderapp498.498.homepage", "");
Deleted : user_pref("extensions.crossriderapp498.498.iframe", false);
Deleted : user_pref("extensions.crossriderapp498.498.js", "\n\n(function($) { \n\n $.geoplugin = function(o[...]
Deleted : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php");
Deleted : user_pref("extensions.crossriderapp498.498.ver", 36);
Deleted : user_pref("extensions.crossriderapp498.apps", "498");
Deleted : user_pref("extensions.crossriderapp498.bic", "13313cfc5fcafc4ec894f37e3ccdaa91");
Deleted : user_pref("extensions.crossriderapp498.cid", 498);
Deleted : user_pref("extensions.crossriderapp498.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp498.installationdate", 1318887344);
Deleted : user_pref("extensions.crossriderapp498.jsver", 3);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "52174561");
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Mon%20Oct%2017%202011%2017%3A[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109035&babsrc=KW_ss&mntrId=365d5176000000[...]

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7708 octets] - [07/03/2013 16:24:53]
AdwCleaner[S1].txt - [7762 octets] - [08/03/2013 06:50:42]

########## EOF - C:\AdwCleaner[S1].txt - [7822 octets] ##########

Thanks for the help!
Unfortunately, this did not solve my problem on Chrome. I am still getting popups randomly.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Mar-2013, 12:35 PM #6
The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
First make sure that you are not set up to sync Chrome with your Google account. If you are, set it to stop syncing first (otherwise the backups on your Google account will reinstall the malware).
Then reboot and reinstall Chrome.
rahuls1392 rahuls1392 is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Mar 2013
13-Mar-2013, 09:35 PM #7
Thanks! This seems to have worked. Is there any way I can make sure that there are no more remnants of the program on my computer? Just to be sure.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Mar-2013, 04:19 AM #8
That is all we can do.