
Random Freezes and BSOD on my laptop

icbarefoot (thread starter)
29-Jun-2013, 12:39 PM
I am running Windows 7 on my computer and it is running kind of sluggish and also intermittently crashing. Also, the screen will go dark like it's asleep and won't come back on until I force a manual reboot, but the lights are all on and tapping the power button or keys does nothing. I have run Panda anti-virus and Malwarebytes so far. The former turned up some viruses, but the computer still crashes and I want to be sure it is not malware. Also, sometimes the computer dims and takes a while to come back on, like it needs to process.

But the worst part is that in addition to the freezing I have intermittently been getting the Blue Screen of Death with increasing frequency. I don't think the code is always the same. I don't have it because I was too slow the last two times, but I will get a picture when/if it happens again and post it, provided my computer is still running. I'm not sure if it is malware or a hardware problem, but I have been unable to fix it with updates and drivers so far.

Another thing that happened the other day is the taskbar disappeared; only the round Windows start button is there now. I've rebooted and it's the same. Usually it's there at first, but at some point it goes away.

Thanks!

Here are my logs

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:27 AM, on 6/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
O1 - Hosts: 216.239.32.20 www.google.de # bck9
O1 - Hosts: 216.239.32.20 www.google.dk # bck9
O1 - Hosts: 216.239.32.20 www.google.es # bck9
O1 - Hosts: 216.239.32.20 www.google.fi # bck9
O1 - Hosts: 216.239.32.20 www.google.fr # bck9
O1 - Hosts: 216.239.32.20 www.google.it # bck9
O1 - Hosts: 216.239.32.20 www.google.lt # bck9
O1 - Hosts: 216.239.32.20 www.google.lv # bck9
O1 - Hosts: 216.239.32.20 www.google.nl # bck9
O1 - Hosts: 216.239.32.20 www.google.pl # bck9
O1 - Hosts: 216.239.32.20 www.google.pt # bck9
O1 - Hosts: 216.239.32.20 www.google.ro # bck9
O1 - Hosts: 216.239.32.20 www.google.ru # bck9
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B00333A6B577007C6B47730655C29106] "C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')
O4 - Startup: Dropbox.lnk = ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20622 bytes


DDS----

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.7.2
Run by ION at 10:07:50 on 2013-06-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3384 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
StartupFolder: C:\Users\ION\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\16474777966696 : DHCPNameServer = 10.128.52.129 64.134.255.2 64.134.255.10
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\2416275666F6F647E45647 : DHCPNameServer = 72.19.128.99 208.68.50.70 208.68.50.71
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\27574786965626F6E64656C6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\64C45485943535 : DHCPNameServer = 192.168.3.100
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\6656277647F677E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\74A434F6E63757C64796E676 : DHCPNameServer = 69.145.232.4 69.144.49.30 69.146.17.3
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ION\AppData\Roaming\Mozilla\Firefox\Profiles\hd4303be.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.startup.homepage - hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=5b97eeb3&tbp=url&toolbarid=pandasecuritytb&u=F30917C6F77071C5C8F97D51B1E7DABE&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ION\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\ION\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Users\ION\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b84571680000000000008ca9827b1769
FF - user.js: extensions.BabylonToolbar_i.hardId - b84571680000000000008ca9827b1769
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15531
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:54:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-20 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-5 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-6-5 21616]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-5 45856]
R1 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2012-2-13 108304]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-11-20 284008]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-16 98208]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-14 13336]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-5 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-9-1 5790064]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-5 2656280]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-6-6 1015984]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-6-5 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-5 175168]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-5 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-5 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-5 181760]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-6-26 58808]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-6-5 29288]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 565352]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-5 158976]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-19 29184]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-6-5 121960]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
S3 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-9-1 487280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-9-1 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-10-20 131912]
.
=============== Created Last 30 ================
.
2013-06-29 14:31:02 -------- d-----w- C:\Users\ION\AppData\Local\Ashisoft
2013-06-29 14:25:03 -------- d-----w- C:\Users\ION\AppData\Roaming\Ashisoft
2013-06-29 14:24:47 -------- d-----w- C:\Program Files (x86)\Duplicate Finder
2013-06-29 03:36:47 -------- d-----w- C:\adobeTemp
2013-06-28 20:08:08 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF73E8F-CE19-46A2-8565-FFCF03A2D1D3}\offreg.dll
2013-06-28 19:22:51 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF73E8F-CE19-46A2-8565-FFCF03A2D1D3}\mpengine.dll
2013-06-26 05:09:22 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2013-06-21 04:15:04 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
2013-06-20 20:38:20 -------- d-----w- C:\Users\ION\AppData\Local\ElevatedDiagnostics
2013-06-20 08:01:45 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-20 04:33:35 -------- d-----w- C:\Users\ION\AppData\Roaming\BlackMesa
2013-06-20 04:07:10 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-17 08:00:59 -------- d-----w- C:\Windows\CheckSur
2013-06-13 02:42:29 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-13 02:42:29 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-13 02:41:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-13 02:41:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-13 02:24:41 -------- d-----w- C:\Users\ION\AppData\Local\panda4_0dn
2013-06-07 14:03:40 -------- d-----w- C:\ProgramData\blekko toolbars
2013-06-06 13:46:06 -------- d-----w- C:\Users\ION\AppData\Roaming\Pattycake_Blue_Goo
2013-06-05 17:45:40 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-06-05 17:43:49 -------- d-----w- C:\Program Files\My Dell
2013-06-05 16:28:59 825752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
.
==================== Find3M ====================
.
2013-06-29 00:06:11 2688232 ----a-w- C:\Windows\Lucid Dreaming Screensaver.scr
2013-06-13 02:43:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 02:43:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-06 15:51:36 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-29 22:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2013-05-29 10:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
2013-05-29 10:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
2013-05-29 10:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
2013-05-29 10:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
2013-05-29 10:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
2013-05-29 10:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
2013-05-29 10:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
2013-05-29 10:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
2013-05-29 10:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
2013-05-29 10:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
2013-05-29 10:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
2013-05-29 10:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
2013-05-28 16:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2013-05-28 16:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2013-05-28 16:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2013-05-28 16:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2013-05-28 16:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-08 12:23:49 114280 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2013-05-07 19:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 10:08:43.36 ===============

ATTACH
-------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2011 2:07:06 AM
System Uptime: 6/29/2013 9:42:57 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0NJT03
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 231.763 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
L: is FIXED (NTFS) - 93 GiB total, 70.099 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP306: 6/24/2013 10:39:48 PM - Windows Update
RP307: 6/24/2013 11:26:35 PM - Windows Update
RP308: 6/24/2013 11:31:20 PM - Windows Update
RP309: 6/25/2013 8:03:29 AM - Windows Update
RP310: 6/26/2013 3:01:29 AM - Windows Update
RP311: 6/27/2013 3:01:23 AM - Windows Update
RP312: 6/28/2013 3:03:10 AM - Windows Update
RP313: 6/28/2013 7:05:20 AM - Windows Backup
RP314: 6/28/2013 3:55:34 PM - Removed OpenVPN Client
RP315: 6/29/2013 3:00:20 AM - Windows Update
.
==== Hosts File Hijack ======================
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
360Amigo System Speedup PRO
7-Zip 9.20 (x64 edition)
AccelerometerP11
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Content Viewer
Adobe Default Language CS3
Adobe Digital Editions
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS5
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS5
Adobe Reader X (10.1.7) MUI
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Audio FX Engine
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AHV content for Acrobat and Flash
Alien Swarm
All Zombies Must Die!
Anomaly Warzone Earth Demo
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 3
Arx Fatalis
AVS Update Manager 1.0
Aztaka Demo
Bamboo
Batman: Arkham Asylum GOTY Edition
Beat Hazard
BioShock
BioShock 2
BIT.TRIP RUNNER
Blender
Blue Coat K9 Web Protection
Bonjour
Bos Wars
Boxoft WMA to WAV Converter (freeware)
Brink
Byte Red Timer
Camfrog Video Chat 6.2
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator 3.1
Canon MX870 series MP Drivers
Capsized - Demo
Castle Crashers
Combat Arms
ConnectWise Internet Client
Consumer In-Home Service Agreement
Cozi
Crysis(R)
D3DX10
Darkspore Demo
Dawn of War Demo
Dead Space
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
Desura
DirectX 9 Runtime
DivX Setup
DriverUpdate
Dropbox
Dungeon Defenders
Duplicate Finder
EasyBits GO
eBay
Epson Event Manager
EPSON Scan
Eufloria
Evernote v. 4.5.10
F.E.A.R. 2: Project Origin
Fable III
Facebook Video Calling 1.0.0.8526
Facebook Video Calling 1.0.0.8714
Facebook Video Calling 1.0.0.8953
Facebook Video Calling 1.1.0.13
Facebook Video Calling 1.1.1.1
Facebook Video Calling 1.2.0.159
Facebook Video Calling 1.2.0.287
Fallout 3 - Game of the Year Edition
FileZilla Client 3.5.3
FlashGet 3.7
Free WMA to MP3 Converter 1.16
From Dust
GameSpy Comrade
Glest 3.2.2
GoodSync
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript
GraphicsGale FreeEdition version 1.93.18
H&R Block Colorado 2010
H&R Block Deluxe + Efile + State 2010
Hacker Evolution Duality Demo
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
I-Doser Free
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) Wireless Display
Internet Explorer
IrfanView (remove only)
iTunes
Java 7 Update 7
Java(TM) 6 Update 22
Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
Killing Floor
Killing Floor Mod: Defence Alliance 2
Kobo
Lame ACM MP3 Codec
Last.fm 1.5.4.27091
Left 4 Dead
Left 4 Dead 2
LIMBO Demo
Lucid Dream Preparation
Lucid Dreaming Kit
Lucid Dreaming Screensaver
Machinarium
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Morrowind
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Fusion 2
My Dell
NoteTab Light 6 (Remove only)
Nuclear Dawn
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Oblivion
OpenAL
OpenOffice.org 3.3
PaintTool SAI Ver.1
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PDF Settings
Pdf995 (installed by H&R Block)
PDFCreator
PdfEdit995 (installed by H&R Block)
PhotoShowExpress
Portal
Portal 2
PunkBuster Services
Quickset64
QuickTime
RAGE
RBVirtualFolder64Inst
Reality Check
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RoboForm 7-8-0-5 (All Users)
RockMelt
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SBaGen 1.4.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Toolbars
Skype™ 6.5
SlimCleaner
SlimDrivers
Sonic CinePlayer Decoder Pack
Soul Reaver 2 (remove only)
Source SDK Base 2006
Source SDK Base 2007
Spiral Knights
Star Wars: Knights of the Old Republic
StarCraft II
StartNow Toolbar
Steam
Stratagus (64 bit)
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Beta
TES Construction Set
The Path - Prologue
The Sims(TM) 3
Thief - Deadly Shadows
Tom Clancy's Rainbow Six 3: Athena Sword
Tom Clancy's Rainbow Six 3: Gold Edition
Toolbar Cleaner 1.0
TreeSize Free V2.6
Trillian
Ubisoft Game Launcher
Unity Web Player
Unreal Anthology
Unreal Development Kit: 2009-11
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Warhammer® 40,000™: Dawn of War® II - Single Player Demo
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/29/2013 9:48:01 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/29/2013 9:48:01 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
6/29/2013 9:46:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/29/2013 9:45:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
6/29/2013 3:02:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430).
6/28/2013 3:34:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/28/2013 10:31:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa80083c24e0, 0xfffff8800f222a88, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\062813-68188-01.dmp. Report Id: 062813-68188-01.
6/27/2013 6:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ION-PC\ION SID (S-1-5-21-1291173224-2023153693-1731437870-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/27/2013 5:24:13 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 5:22:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/27/2013 5:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/27/2013 5:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/27/2013 5:22:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/27/2013 5:22:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6
6/27/2013 5:22:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/27/2013 5:22:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
6/27/2013 5:16:56 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \\?\Volume{c77cee39-8f72-11e0-bac9-806e6f6e6963}.
6/27/2013 10:28:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
6/26/2013 9:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
6/26/2013 9:38:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
6/26/2013 9:38:47 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2013 12:12:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
6/26/2013 12:12:14 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2013 12:08:28 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
6/26/2013 12:08:24 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
6/26/2013 12:05:31 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/25/2013 8:14:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/25/2013 8:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/25/2013 8:09:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bckd DfsC discache NetBIOS NetBT NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSNAHSL NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC nsiproxy Psched PSINKNC rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 8:03:14 AM, Error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/25/2013 8:03:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
6/25/2013 7:35:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
6/25/2013 7:35:41 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/25/2013 7:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
6/25/2013 6:53:31 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
6/25/2013 6:52:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
6/25/2013 6:52:32 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2013 11:02:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Desura Install Service service to connect.
6/24/2013 11:02:27 PM, Error: Service Control Manager [7000] - The Desura Install Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2013 10:26:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
6/24/2013 10:26:45 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Ark.txt


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-29 11:35:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698.64GB
Running: vj814210.exe; Driver: C:\Users\ION\AppData\Local\Temp\pwldrpow.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072d41a22 2 bytes [D4, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072d41ad0 2 bytes [D4, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072d41b08 2 bytes [D4, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072d41bba 2 bytes [D4, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072d41bda 2 bytes [D4, 72]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075a14406 6 bytes JMP 719c0f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceNextW 0000000075a14cbc 6 bytes JMP 71a80f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceEnd 0000000075a15239 6 bytes JMP 71a50f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000075a1575a 6 bytes JMP 71af0f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!recv 0000000075a16b0e 6 bytes JMP 719f0f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!send 0000000075a16f01 6 bytes JMP 71a20f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075a17089 6 bytes JMP 71990f5a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000075a17489 6 bytes JMP 71960f5a
? C:\Windows\system32\mssprxy.dll [5884] entry point in ".rdata" section 00000000730871e6
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000660911a8 2 bytes [09, 66]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000660913a8 2 bytes [09, 66]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000066091422 2 bytes [09, 66]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000066091498 2 bytes [09, 66]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 7 bytes {MOV EDX, 0x104b628; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 7 bytes {MOV EDX, 0x104b668; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 7 bytes {MOV EDX, 0x104b5a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 7 bytes {MOV EDX, 0x104b528; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 7 bytes {MOV EDX, 0x104b728; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 7 bytes {MOV EDX, 0x104b768; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 7 bytes {MOV EDX, 0x104b6e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 7 bytes {MOV EDX, 0x104b6a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 7 bytes {MOV EDX, 0x104b468; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 7 bytes {MOV EDX, 0x104b4a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 7 bytes {MOV EDX, 0x104b428; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 7 bytes {MOV EDX, 0x104b5e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 7 bytes {MOV EDX, 0x104b568; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a31321 7 bytes {MOV EDX, 0x104b4e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 7 bytes {MOV EDX, 0xa01e28; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 7 bytes {MOV EDX, 0xa01e68; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 7 bytes {MOV EDX, 0xa01da8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 7 bytes {MOV EDX, 0xa01d28; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 7 bytes {MOV EDX, 0xa01f28; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 7 bytes {MOV EDX, 0xa01f68; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 7 bytes {MOV EDX, 0xa01ee8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 7 bytes {MOV EDX, 0xa01ea8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 7 bytes {MOV EDX, 0xa01c68; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 7 bytes {MOV EDX, 0xa01ca8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 7 bytes {MOV EDX, 0xa01c28; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 7 bytes {MOV EDX, 0xa01de8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 7 bytes {MOV EDX, 0xa01d68; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a31321 7 bytes {MOV EDX, 0xa01ce8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
.text ... * 2
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 7 bytes {MOV EDX, 0x867228; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 7 bytes {MOV EDX, 0x867268; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 7 bytes {MOV EDX, 0x8671a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 7 bytes {MOV EDX, 0x867128; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 7 bytes {MOV EDX, 0x867328; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 7 bytes {MOV EDX, 0x867368; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 7 bytes {MOV EDX, 0x8672e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 7 bytes {MOV EDX, 0x8672a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 7 bytes {MOV EDX, 0x867068; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 7 bytes {MOV EDX, 0x8670a8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 7 bytes {MOV EDX, 0x867028; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 7 bytes {MOV EDX, 0x8671e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 7 bytes {MOV EDX, 0x867168; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a31321 7 bytes {MOV EDX, 0x8670e8; JMP RDX}
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
.text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:8156] 000007fefba42a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:2568] 000007fee977d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:6432] 000007fee977d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:6944] 000007fef3935124

---- Processes - GMER 2.1 ----

Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\System.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 0000000010000000
Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\Banner.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 00000000003c0000
Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 0000000000840000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDC8395C-008A-466E-823B-1B0439C0CA04}\Connection@Name isatap.{375F99C5-5A81-4537-A445-02522EA5BFB1}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{323EB616-AAB7-4061-BEEA-36F08F9AEB07}?\Device\{CDC8395C-008A-466E-823B-1B0439C0CA04}?\Device\{9259DDA5-B659-41EE-ABF7-448985CE6865}?\Device\{F788BF1B-6EA0-433D-86A7-B69FE98845A4}?\Device\{19D8491D-B683-41E3-84D6-AFAE8576E832}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{323EB616-AAB7-4061-BEEA-36F08F9AEB07}"?"{CDC8395C-008A-466E-823B-1B0439C0CA04}"?"{9259DDA5-B659-41EE-ABF7-448985CE6865}"?"{F788BF1B-6EA0-433D-86A7-B69FE98845A4}"?"{19D8491D-B683-41E3-84D6-AFAE8576E832}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{323EB616-AAB7-4061-BEEA-36F08F9AEB07}?\Device\TCPIP6TUNNEL_{CDC8395C-008A-466E-823B-1B0439C0CA04}?\Device\TCPIP6TUNNEL_{9259DDA5-B659-41EE-ABF7-448985CE6865}?\Device\TCPIP6TUNNEL_{F788BF1B-6EA0-433D-86A7-B69FE98845A4}?\Device\TCPIP6TUNNEL_{19D8491D-B683-41E3-84D6-AFAE8576E832}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDC8395C-008A-466E-823B-1B0439C0CA04}@InterfaceName isatap.{375F99C5-5A81-4537-A445-02522EA5BFB1}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDC8395C-008A-466E-823B-1B0439C0CA04}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 23633

---- EOF - GMER 2.1 ----


Thanks for the assistance.

Ian
icbarefoot
02-Jul-2013, 12:58 PM
bumping this.
icbarefoot
17-Jul-2013, 02:57 PM
bump
I updated all my drivers and ran cleanup and my bar is back. The freezes seem to stop but I still get the BSOD every few days, which has me worried. It flashes by too fast to record the error. I need to keep a pencil and pad by the desk because there's no time for a picture but there may be time to write some numbers, if I'm lucky.