Too many processes and too much physical memory being used


konsowa
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2013
20-Jul-2013, 09:09 PM #1
Hello, lately my computer seems to be getting slower, with over 100 processes on avg and about 90% of the memory being used. How can I solve this problem? Is this PC infected?


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:06:29 AM, on 7/21/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)

FIREFOX: 22.0 (en-US)
Boot mode: Normal

Running processes:
C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Razer\Razer Game Booster\gbtray.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Konsowa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Konsowa\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: Alnaddy.com Helper Object - {55928DD2-8878-4275-AAB3-B3A09A67A1EB} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\bh\alnaddyToolbar.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Alnaddy.com Toolbar - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\users\konsowa\desktop\newfol~1\bin\detour.dll c:\progra~2\browse~2\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobinil USB Modem. OUC (Mobinil USB Modem. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - MySQL AB - C:\xampplite\mysql\bin\mysqld.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 15509 bytes
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,448 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jul-2013, 06:13 AM #2
Please download AdwCleaner to your desktop.
  • Double-click adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
konsowa
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2013
21-Jul-2013, 10:06 AM #3
# AdwCleaner v2.306 - Logfile created 07/21/2013 at 16:05:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Konsowa - KONSOWAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Konsowa\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js
File Found : C:\Users\Konsowa\AppData\Local\funmoods-speeddial_sf.crx
File Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Folder Found : C:\Program Files (x86)\BrowserCompanion
Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found : C:\Program Files (x86)\Funmoods
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\BrouwsEe2save
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Konsowa\AppData\Local\APN
Folder Found : C:\Users\Konsowa\AppData\Local\Babylon
Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Konsowa\AppData\Local\PackageAware
Folder Found : C:\Users\Konsowa\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\Konsowa\AppData\Roaming\Babylon
Folder Found : C:\Users\Konsowa\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Konsowa\AppData\Roaming\Funmoods
Folder Found : C:\Users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\jetpack

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~2\sprote~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Blabbers
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3920387077-942025914-700066375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.515f183f72d12.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "a8a9fa2c000000000000002586e8aa62");
Found : user_pref("extensions.BabylonToolbar_i.id", "a8a9fa2c000000000000002586e8aa62");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15450");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:33:11");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Preferences

rue},"bckhfnghfdponbaldednpnljadgfjecj":{"blacklist":true},"bdgijcibmhjjccg bdohofncdjcophknj":{"blacklist":true},"benclngoadbppljglhphhnfknoppmjoa":{" blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bhk dpodceenlocjmmgodpbbpkafkpljc":{"blacklist":true},"bhmahaiplmeodpakkcchmola ihbhkpdl":{"blacklist":true},"biiponhbbifajapmbggbgaepiedinifm":{"blacklist ":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bioeopenmokd gbekbgpgnacecjmpckbb":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj" :{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true}," bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeeheh iikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blackl ist":true},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"active_permissions":{"api" :["appNotifications"]},"app_launcher_ordinal":"t","creation_flags":9,"from_bookmark":false,"from _webstore":true,"granted_permissions":{"api":["appNotifications"]},"install_time":"13010341666085883","lastpingday":"13013938795008299","loc ation":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/?feature=ytca"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","descript ion":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD CBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNv ExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2, "name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.6"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbl dkacnbeo\\4.2.6_0","state":1,"was_installed_by_default":false},"bmjhmeeepkk bmjdajachipfgihmpokpd":{"blacklist":true},"bndahdijlcnncjbpammoedeapmlobllc 
":{"blacklist":true},"bnffnggkphadlnoopcoakdnkellnifjp":{"blacklist":true}, "boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihc gajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"black list":true},"bpfadpmhabiajakhgnaipdplkcjaklnj":{"blacklist":true},"canhmdgd depdjikkjhpmhcfdkkjdbppi":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaaj agb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":tru e},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cbhhdkemlehgodemc igfabmcdnohhhef":{"blacklist":true},"cbjlfaogacjpkplebfbijaakaifoflno":{"bl acklist":true},"cconecmbohgadkjghlfbchmjpgbobkaf":{"blacklist":true},"cdoga eccgljmkecjmoedambgiekkllij":{"blacklist":true},"cedclbokcakighlpbnbhfjffdj eihfdp":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist": true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbk ffcmiaknpmojjeibpn":{"blacklist":true},"cfdedhfmaeiheeklgodcmcgfpedooocj":{ "blacklist":true},"cfnfobbpdaccoljfahpmfjdmbfmmkeof":{"blacklist":true},"cf ogpbanfnocakdckmgafapdlmclpiln":{"blacklist":true},"cgnegjfmdfenjojhjffejin pnpoglmlh":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklis t":true},"chhniecmnighakmlnhkifeogjddhoajn":{"blacklist":true},"chlplighidm hpgmidehfmjfdlahakjog":{"blacklist":true},"cidnoinjdbalndcidafahfnoeehfblfl ":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true}, "cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinff ggbphnhoblea":{"blacklist":true},"cjpglkicenollcignonpgiafdgfeehoj":{"ack_e xternal":true,"active_permissions":{"api":["bookmarks","contextMenus","history","management","storage","tabs","topSite s","unlimitedStorage","webNavigation"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/*"]},"creation_flags":1,"exclude_from_sideload_wipeout":true,"from_bookmark":f alse,"from_webstore":false,"install_time":"13013528136513530","location":3, 
"manifest":{"background":{"page":"background.html","persistent":true},"chro me_url_overrides":{"newtab":"newtab/newtab.html"},"content_security_policy":"script-src 'self' hxxps://ssl.google-analytics.com; object-src 'self'","current_locale":"en_US","default_locale":"en","description":"Newta b Speed Dial by Funmoods","icons":{"128":"assets/128.png","16":"assets/16.png","48":"assets/48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRqN9D2z7WOarG6HPbopi FxzXhGGBycI3jvJwPztlgJ6/vTsLX2SLP1xj54If/v/5F6Nz1WHHhOgTgaQ0xCch4ELAluUDnjx/gjtMi1nlw38O+TWcinxlXVVE4zRtd+p6iMxrrhno7LRykN4iyjqhK2RqYrTHbb1LDj4f4vcY/6wIDAQAB","manifest_version":2,"minimum_chrome_version":"23","name":"Newtab ","permissions":["storage","unlimitedStorage","contextMenus","webNavigation","history","book marks","tabs","management","topSites","chrome://favicon/","hxxp://*/*","hxxps://*/*"],"update_url":"hxxp://update.speedial.com/addons/funmoods-ch.xml?v=fn-tv8-c3","version":"8.2","web_accessible_resources":["newtab/newtab.html"]},"path":"cjpglkicenollcignonpgiafdgfeehoj\\8.2_0","state":0,"was_installed _by_default":false},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true}," ckphhghhpjbfddcgkpfbelfeojcciglo":{"blacklist":true},"clapnamcglekekmamicmb ahkghdcjaeh":{"blacklist":true},"clfhanhcjmgjnbpjfopldmnabimhmcmp":{"blackl ist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdo lieoaoddlfhaidnlmiadhik":{"blacklist":true},"cmnfphnmpedeolmelllmgkghmjcnla jp":{"blacklist":true},"cnimdnlablahacgompaahbgohcokcclp":{"blacklist":true },"cniodhfhdiidogekcjkplecimemfocpn":{"blacklist":true},"coajchbkdbfhmhbgcj epiofllfjjcpfp":{"blacklist":true},"coobgpohoikkiipiblmjeljniedjpjpf":{"app _launcher_ordinal":"w","creation_flags":9,"from_bookmark":false,"from_webst ore":true,"install_time":"13010341663812883","lastpingday":"130139387950082 
99","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"}," key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55X B9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuN fv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","mani fest_version":2,"name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.20"},"page_ordinal":"n","path":"coobgpohoikkiipiblmje ljniedjpjpf\\0.0.0.20_0","state":1,"was_installed_by_default":false},"copjb edljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocf olnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist": true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjnd njmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{ "blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dc fefnkefopibnlcjhjcfegckhanekld":{"blacklist":true},"dcpjokbfgfnbaekphjgehhj aokkcifbj":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklis t":true},"deocpjmfifplhepinpkmpinpnbiemfje":{"blacklist":true},"deonbedlmak dddidplniclflladdjoep":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi ":{"blacklist":true},"dfjhgoeofgmepmcngkhnaiphbhdbonhp":{"blacklist":true}, "dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicb mkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"black list":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobck lknojliojkkclgjndemadnig":{"blacklist":true},"dhdepfaagokllfmhfbcfmocaeigmo ebo":{"blacklist":true},"dhmghpedmigfknfpolfmkihcaeiccjgf":{"blacklist":tru 
e},"dibljdngacjhpccjckmlmeklpgjeinjd":{"blacklist":true},"digmihafmlfkgdbjj dgbcojghcgcoeoa":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"bl acklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnah dkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"djpnjilhooodipllnjedjeiabk boakok":{"blacklist":true},"dkhkecikbdfpoiopnnpoeglbdphgflmf":{"blacklist": true},"dkpdmjefniplpkalcgnainfmmclllpnn":{"blacklist":true},"dlobhinihbmedm heccecfnkcadpehmbf":{"blacklist":true},"dlopielgodpjhkbapdlbbicpiefpaack":{ "blacklist":true},"dmabikjmolgegjajdhmgpmgffajlmmkb":{"blacklist":true},"dm hgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgm cdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklis t":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglg nflpdicnkaojmmljgejkj":{"blacklist":true},"dpaphgcjeeochbiafgbochohgmpcmlbj ":{"blacklist":true},"dpcdiabehkofdddfhdmkgkndjilfoppd":{"blacklist":true}, "dpfanoongnoofcdhgijjdjmbnfekdejj":{"blacklist":true},"dpgenihgggagjjggfocj ceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"black list":true},"eagmciolnojfofmggkffclbonhleeank":{"blacklist":true},"ebdcdchj cndpjhehacedepnggfdbfkpn":{"blacklist":true},"ebhdpnhjbfkchfamjcpebpeddhhic nab":{"blacklist":true},"echjhfifjidfhoappglfmoffcpmpkigb":{"blacklist":tru e},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"ecinfbhalenfhdhnl jmkglajfjjfehoj":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"bl acklist":true},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"a pi":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs "],"explicit_host":["chrome://favicon/*","chrome://resources/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_t ime":"13009649069581994","location":5,"manifest":{"chrome_url_overrides":{" bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 
'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD QcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","ma nifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs ","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.43\\resources\\bookmark_manag er","was_installed_by_default":false},"efbeabpbbkahnnjalakldjfhljboclkf":{" blacklist":true},"efcnjdcimjmggfdkahncpoikhehcfgnh":{"blacklist":true},"efh jelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjc eeeondmn":{"blacklist":true},"efonemhbokfedckpfpohpmcamfihnnlm":{"blacklist ":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoi npkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid" :{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true}," eiflkkehgogioennialfbilppmegcpoa":{"blacklist":true},"eihjeehdobnpkonebmpan onopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blackl ist":true},"einmhcleeonenkkldjlmhhcmgolhblhh":{"blacklist":true},"ejakhnjbo mgngodiidgbkapjgbdckhnh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfbo ca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true },"ekikoahmboikmmclhnijlmldpmleahnh":{"blacklist":true},"elcaigjcaijbfpjnga ekbblphmfjdhfo":{"blacklist":true},"emcdpbapjmnjgoannclkongdfboaabho":{"bla cklist":true},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"ap i":["app.currentWindowInternal","app.runtime","app.window"],"explicit_host":["chrome://settings-frame/*"]},"app_launcher_ordinal":"w","creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"install_time":"13009649069584 
994","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":true,"display_in_new_tab_ page":false,"icons":{"128":"settings_app_icon_128.png","16":"settings_app_i con_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png" },"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuua pgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.43\\resources\\settings_app", "running":false,"was_installed_by_default":false},"eofejpelggimkodeojpeojnb ijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist ":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgb cejffcplajonhhooddle":{"blacklist":true},"fakdahljemjliginkgdehfoocmjgloam" :{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true}," fbjjhbijaiopkcdolheliknnjlkaekeb":{"blacklist":true},"fbmgoajoadbjhoachcdip lofcblaihdc":{"blacklist":true},"fbmimoidopbghbcmdmpkjaffffmcbmbg":{"blackl ist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"fcijaeofm fihkldhkofkjoibdoeoflha":{"blacklist":true},"fclheclkknbgfndeahkfdomollhmfk cn":{"blacklist":true},"febmhchodibcbchcofonaamfglbjhggg":{"blacklist":true },"fekjidlkjnecepnlmdmjohmgpkdlbegi":{"blacklist":true},"ffgfbfakpcnngelphj nppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"bla cklist":true},"fhpclkemjlhmbfbjakbmdjihocinkmim":{"blacklist":true},"fiapkd jniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmie ngcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":t rue},"fiiblakkkkgeljngobmpeljjapemenhi":{"blacklist":true},"fjhfnfakmfcejgm 
fkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{" blacklist":true},"fjpofaghniailakahnhkjjfbfonpfglo":{"blacklist":true},"fla lbhkmnijcnpialgakicllnabckmhi":{"blacklist":true},"fleljamdchegbjeiipbnmieb nhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist ":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgba bjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda" :{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true}," fnihpenllbnplcglabekelhhblcdndbb":{"blacklist":true},"fnkaadkanmfgpfbmdcllh jdgmdbgljpi":{"blacklist":true},"fnnmbghphdnmmjdapccfobgjemjadeli":{"blackl ist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkk majnmfnlcmejonkfaipdmme":{"blacklist":true},"folhciaicehdnoalhbkbgkakfcocko pc":{"blacklist":true},"fomljmklmcefndkgpakgifbiiidgbjej":{"blacklist":true },"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fopgndklnkecillfbd mfknhmadmenikm":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"bla cklist":true},"fpbkafpphnhlpakobppekmkebmbhkoco":{"blacklist":true},"fpjdac kpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgn pkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":t rue},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gagalgomhifgcme ciklindhpaihmecgi":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{" blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbe nikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gchbiabnbdikkgfhnkclecjn cojnkmhb":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist ":true},"gdlgbpbmiiagaikjbednkikinokbkbcb":{"blacklist":true},"geggofhlfbcm anadhknllmlajiafopoh":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb" :{"blacklist":true},"gfjfhihpkmehdmblhfaikkipeplpdcla":{"blacklist":true}," gfmmoiakbmdohkgeoekiokjgljcminig":{"blacklist":true},"ggkpicnfnljflddbdoeea 
ajjgepapcbf":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blackl ist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcd bggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebio lo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true },"gkcfodgjdcijjlliehfhgohlkemcbobl":{"blacklist":true},"gkhbgnodbilglgholi fcjdblbgdaieah":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"bla cklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gklphm okmaaepjgandocpneomjlidjag":{"blacklist":true},"glhhlafadlhkgbklgbjnmblfhnk fknbm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":t rue},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelb fhlndhljnecoednaa":{"blacklist":true},"gngfmjidncdccdlfjcjbnngeaaclfgpl":{" blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gob jcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlna aalniegm":{"blacklist":true},"gomkbnfeifchddfokcicibjnlgbolhol":{"blacklist ":true},"gompblemgafijijmlgbaepcijfgfgljf":{"blacklist":true},"gpdcodmabpgm ncbkhpipakhehepmpopk":{"blacklist":true},"gpgehbjbkfhngdlfpfeokjgbkmmokjhe" :{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true}," hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaon dabkkepjfaf":{"blacklist":true},"hbmlheccjkodhfejcmblndjodllmnlnl":{"blackl ist":true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true},"hcpndbchn lgojmnijaldkicigmihmdca":{"blacklist":true},"hdijkiondgomjpehfhopomicjbiodm cm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true },"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbn kgglhlookbipdc":{"blacklist":true},"hfcgbiofoebieldldghfocjfnnajmpej":{"bla cklist":true},"hfjpjodbolkmheaehcnmfhjakjileoof":{"blacklist":true},"hfpfbh nmbbigpmoodjemilggabklpopj":{"blacklist":true},"hgbaomphocgmdpmiohjclchaalj 
paelp":{"blacklist":true},"hgboiaecclcbjphldpbgfgggcbihmnai":{"blacklist":t rue},"hgjgaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true},"hhbihfbjoifhheb cnchglobmkmapgjkm":{"blacklist":true},"hhfffemhgkginfafaoapljdllodppana":{" blacklist":true},"hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist":true},"hhj mkijkgojfifipdgmiemghfikbohcm":{"blacklist":true},"hhlgbfcfbkhlmajakkcjippg pcmejkko":{"blacklist":true},"hhommgjjeekpmpcbdmfnhpchijdkgaei":{"blacklist ":true},"hilncbjbdpnfepdidfchmdclhpnlegpj":{"blacklist":true},"himgjpdejpik enoibmolgmfblolpahno":{"blacklist":true},"hjkhligcnpfjhjlapmejaiaiigibofif" :{"blacklist":true},"hjnigaibahdeadcdnpnommdehajodlhc":{"blacklist":true}," hkbgccpdcpbdckohbknjlamamelcnlki":{"blacklist":true},"hkjcejgfmaanpncnpoidg bhoikcaeepd":{"blacklist":true},"hkjfdgjkgpbbdmadbglcgljjjddkcdha":{"blackl ist":true},"hmmoglffhpmacaacfbbmbbkcbdkjphnc":{"blacklist":true},"hnbcdmfeo ldeppcbnnjmjkdofohaljbn":{"blacklist":true},"hncomkjbbkchfjelocejkbbflmjhlh fp":{"blacklist":true},"hnipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true },"hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist":true},"hnnebfeppcbhhbhiif eaajgcjnkljlld":{"blacklist":true},"hnonhhpgjnjcjfbkjdpfbkfpaodcmncb":{"bla cklist":true},"hnpgphegniamplngojaffllhjahkgbfl":{"blacklist":true},"hpcdoo djfcmpcpkeendjnjkeinimhkih":{"blacklist":true},"hphibigbodkkohoglgfkddblldp fohjl":{"blacklist":true},"hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":t rue},"iablioliielnhdianpbiijaoncbmfend":{"blacklist":true},"ibnhidklhjoopeb onemhliklfbhndjjd":{"blacklist":true},"iccblehkchfmjgfafjcpjlkjcponhdhl":{" blacklist":true},"icihfeaofpcfehanhbnjigdlpfahjlee":{"blacklist":true},"idb dlnkdnaodonmgnimcfelpngbmcpjk":{"blacklist":true},"iedogbkombgmapifenoojnmp cnjighfm":{"blacklist":true},"iemfpgbdjfoihicbocpbjppipdbfimeh":{"blacklist ":true},"ifbkndkaolfbjjhnnhfmkbkoclpdkpli":{"blacklist":true},"ifeijfpkjcke dpclgncedmgdiaoeahmk":{"blacklist":true},"igaajdmlejbjcbmpmnigopikfdaccdcm" 
:{"blacklist":true},"igbaoknfddliiaoimhehfbkfekpmmfll":{"blacklist":true}," igghanohiioehififjoalfkdoicafjof":{"blacklist":true},"iggjepemmdkieakihpomc cndhdfcljdp":{"blacklist":true},"igjhgaoajaccjllfkfffboldnmncmhoh":{"blackl ist":true},"igkdgkdiiolilocklmiolkpoohacojop":{"blacklist":true},"ihnembcpo dnfgkafmiojebccomjekopm":{"blacklist":true},"iiiinekimabooeihccihfopoadcaap hn":{"blacklist":true},"iijdejcjlbgbpkdjanfjanndnffpkfdl":{"ack_external":t rue,"active_permissions":{"api":["notifications","plugin","tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["file:///*","hxxp://*/*","hxxps://*/*"]},"creation_flags":1,"exclude_from_sideload_wipeout":true,"from_bookmark":f alse,"from_webstore":false,"install_time":"13009658159178652","lastpingday" :"13013938795008299","location":3,"manifest":{"background_page":"bg.html"," content_scripts":[{"all_frames":true,"js":["json2.min.js","ct.js","appCntrl.js"],"matches":["hxxp://*/*","hxxps://*/*","file:///*"]}],"description":"Alnaddy Chrome Toolbar","icons":{"128":"logo.png","48":"logo.png"},"key":"MIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQCkKub7xEwZ0oIehWUztF+thfTAze3qNtrM3RTu7uUSr6qi9aQ28ji +03E29pXu7Nkh2OEvZ1xNEeEr2H9hp9R5TI+stpoZVPeQvXEF9oA3SmWB2Y/wsMG0qxwrYM/hyOvI3DrAVPKQC61i8zgjJDBRqjQOTl4lKC+i+4O8HG73nwIDAQAB","name":"Alnaddy Chrome Toolbar","permissions":["tabs","hxxp://*/","notifications"],"plugins":[{"path":"ctb.dll","public":true}],"version":"1.0"},"path":"iijdejcjlbgbpkdjanfjanndnffpkfdl\\1.0_0","state": 0,"was_installed_by_default":false},"ijecjbcgpblkacpijljpaienknanaloa":{"bl acklist":true},"ijenlpgidnapbndonoinbkhekgjonojg":{"blacklist":true},"ijjmb bddenkbenbcfldgghhjgjmcnioo":{"blacklist":true},"ilhjicgcglhjigdehkcehjdokm kahbjl":{"blacklist":true},"iljfgjkppapinhcgonhjnipfppfmfedh":{"blacklist": true},"ilmknaabackgdbnkgbihgpgiopnlkjek":{"blacklist":true},"imfbomjbodpfgf hfahlgkkcllmhbelhk":{"blacklist":true},"imkffpjpdngdkpgadcmnlkhhmhdocijn":{ 
"blacklist":true},"inbhlfpapeikbbgpfionabkigakepbbm":{"blacklist":true},"in dfhnliadamglhalanplbajgenpjdml":{"blacklist":true},"iobnpmeeecphddicmhhmdjb nlbdhjlne":{"blacklist":true},"iomejadoamfilglofmeaffghddcgapmf":{"blacklis t":true},"jabpdgllijbnknhkgjideeajfofafckp":{"blacklist":true},"jaejgaoiipd jjlbnapngknalafalbkej":{"blacklist":true},"jafnimahlamccccjbkhjjpeiipiedpik ":{"blacklist":true},"janhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true}, "jaoiiahdoamhobamdkmcmielddmnelko":{"blacklist":true},"jbfebbkjjmkcoldeaeel hpconkmgjhbg":{"blacklist":true},"jbmbiepnidbnhbbfdbgioomdkgnbcacj":{"black list":true},"jbnafcjbcfgejacaanogofkkehcomamp":{"blacklist":true},"jcmipeje poimfflnoapdmkdephgjinck":{"blacklist":true},"jddbdddmbfencninofcgnodekclof paj":{"blacklist":true},"jdiakcmbpmcnniggjcmcjknnklpdlogc":{"blacklist":tru e},"jeehjhnmgohgpfpjneglogiholalkeip":{"blacklist":true},"jfalnphfjdoalcdhl nhdpekbmmopkgkj":{"blacklist":true},"jfhmafmjfdblceidmfdmoihamolaaeco":{"bl acklist":true},"jfjagidcpadkoaonbogmbgfimmnefeie":{"blacklist":true},"jgdka ppiifgomhgikcjbanhnmlekpeje":{"blacklist":true},"jgmpapdckakiohhebmeoemejib ommimi":{"blacklist":true},"jgoljhcbgajhbhnchplgjdkknendhjnn":{"blacklist": true},"jhhabiomopkibeecgngiggmopkeofacl":{"blacklist":true},"jihmekmccilkoc efjpejdebpapohlhjb":{"blacklist":true},"jiiccolbjkhpgockodneljpejdeaaodf":{ "blacklist":true},"jindbcpkhnnnjgcjgmkjedbibibiojjf":{"blacklist":true},"ji ofcofpcbijcnlpekdkpmgjdppajbjb":{"blacklist":true},"jjahldbngdicbnejidklgki enpkdcpba":{"blacklist":true},"jjhackoobdibnnndjopfjldbjmohkpdk":{"blacklis t":true},"jjnkfllhcgkgnfbekpnmoikpfihpjfli":{"blacklist":true},"jkihmglffmf jedfbpbpdbbimcodjbmdh":{"blacklist":true},"jkkfmenldnihjkgnolhlakhaepomhoob ":{"blacklist":true},"jkmhalpofmlfeglboejbchpoijnkmcgh":{"blacklist":true}, "jljfnkmkkdkppfndippkedacgfkafped":{"blacklist":true},"jmbkhogpjgjpfjhpdikl oblkbkljkgao":{"blacklist":true},"jmeanodbelbflfmnkfdjgpikmldgjjko":{"black 
list":true},"jmifipgdcllamghkhdplfjffkciekbgo":{"blacklist":true},"jnehbnhj kefckoljkcmjfgkkeejhipgi":{"blacklist":true},"jokbafidjfknjbchmcakabjgdiiac gek":{"blacklist":true},"jolgdmpdhloiienhblmiimamomhdphlk":{"blacklist":tru e},"jpehgolpfgnknboibogccapmdcadjkbd":{"blacklist":true},"jpeijjbllejgmokma hkeommcodahoobm":{"blacklist":true},"jpgidahfcgiajlcbleeiaibpmmblcmnb":{"bl acklist":true},"jpiedgcdjigcoeagojmlokclbljokpon":{"blacklist":true},"jpkdl ckejfjidmplieobnhijmoiecbhl":{"blacklist":true},"kbipembkfhbdmkkkfbigmohilm knjnof":{"blacklist":true},"kbmkecfipofebpaikgifajmahdmadlnb":{"blacklist": true},"kcanfkmhccbaheheaackijegkclkaeic":{"blacklist":true},"kcfnnanmpghdno ompcfclakpacapnfbn":{"blacklist":true},"kcgplbmkmfcpngilmhjmebdgkkpbdemp":{ "blacklist":true},"kcmnkpehkjhodoodchlmgnicaifckhdj":{"blacklist":true},"kd chmeaiapjkejkcbeclgjklemecieeg":{"blacklist":true},"kdcnnmifdmlmjffdgeieikc okcogpbej":{"blacklist":true},"kdfahjokahcbmecgaandpobmgiiknagf":{"blacklis t":true},"kdicckonacionpoompfoopggkgimjpcb":{"blacklist":true},"kdjhalklkkc modeicjiaekcgifkcepaf":{"blacklist":true},"kdpcgcpfnkolljkhgdbbgimplfkhakec ":{"blacklist":true},"keknhkokjnjhgpcofobpcbelddppeolp":{"blacklist":true}, "kelcbonmemlciepjdmfcifnhloeammhj":{"blacklist":true},"kelljdoinjlkmkncffga dbebgpmlcang":{"blacklist":true},"keoimpnicgbcjamfdgpcecihicnbmhej":{"black list":true},"kffhenjbibjnbnjhlkcdlmpeccpaohio":{"blacklist":true},"kfodnkhd fdgeaegehjjnkjkieloddelg":{"blacklist":true},"kgbkdabomfdpfoibliicpmibceaoo hgh":{"blacklist":true},"kgbmmcjgkkecjcafigegjphkmkdpnggo":{"blacklist":tru e},"kgdhnhadbnpeibkghaebmhmngobdafag":{"blacklist":true},"kgdkcodealpfjolmi agcogfbgmaamegh":{"blacklist":true},"kgdmldjagfciieddcnlhampgkajkpanc":{"bl acklist":true},"khgjomcpjblpoaipanicbfjfgcfbpegp":{"blacklist":true},"kibgm cdcfmcglajcfbecilngejnfppjp":{"blacklist":true},"kiipngoehgkgkackngaidmhmnc hfbmio":{"blacklist":true},"kincjchfokkeneeofpeefomkikfkiedl":{"blacklist": 
Files (x86)\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll","version":"5.1.20125.0"},{"enabled":t rue,"name":"Pando Web Plugin","path":"C:\\Program Files (x86)\\Pando Networks\\Media Booster\\npPandoWebPlugin.dll","version":"2.3.3.8"},{"enabled":true,"name": "TVU Web Player for FireFox","path":"C:\\Program Files (x86)\\TVUPlayer\\npTVUAx.dll","version":"2.5.3.1"},{"enabled":true,"name": "Veetle TV Player","path":"C:\\Program Files (x86)\\Veetle\\Player\\npvlc.dll","version":"0.9.18"},{"enabled":true,"name ":"Veetle Broadcaster Plugin","path":"C:\\Program Files (x86)\\Veetle\\VLCBroadcast\\npvbp.dll","version":"0.9.18"},{"enabled":true ,"name":"Veetle TV Core","path":"C:\\Program Files (x86)\\Veetle\\plugins\\npVeetle.dll","version":"0.9.19"},{"enabled":true," name":"WEBZEN Browser Extension","path":"C:\\Program Files (x86)\\WEBZEN\\BrowserExtension\\NPWZCmnCtrl.dll","version":"0.9.4.0"},{"en abled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"Nexon Game Controller","path":"C:\\ProgramData\\NexonEU\\NGM\\npNxGameeu.dll","version ":"1, 0, 1, 2"},{"enabled":true,"name":"Nexon Game Controller","path":"C:\\ProgramData\\NexonUS\\NGM\\npNxGameUS.dll","version ":"1, 0, 1, 2"},{"enabled":true,"name":"Unity Player","path":"C:\\Users\\Konsowa\\AppData\\LocalLow\\Unity\\WebPlayer\\lo ader\\npUnity3D32.dll","version":"4.0.0.62010"},{"enabled":true,"name":"Kal ydo Player Plugin for Mozilla","path":"C:\\Users\\Konsowa\\AppData\\Roaming\\Kalydo\\KalydoPlayer \\bin\\npkalydo.dll","version":"4, 01, 00, 5"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_2_202_233 .dll","version":"11,2,202,233"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.390.4","path":"C:\\Windows\\SysWOW64\\npdeployJava1.dll","version":"6.0 .390.4"},{"enabled":true,"name":"AVG SiteSafety plugin"},{"enabled":true,"name":"Adobe Flash 
Player"},{"enabled":false,"name":"Adobe Reader"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Google Talk"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Java(TM)"},{"enabled":true,"name":"Kalydo Player Plugin for Mozilla"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Nexon Game Controller"},{"enabled":true,"name":"Pando Web Plugin"},{"enabled":true,"name":"RIM Handheld Application Loader"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"TVU Web Player for FireFox"},{"enabled":true,"name":"Unity Player"},{"enabled":true,"name":"Veetle Broadcaster Plugin"},{"enabled":true,"name":"Veetle TV Core"},{"enabled":true,"name":"Veetle TV Player"},{"enabled":true,"name":"WEBZEN Browser Extension"},{"enabled":true,"name":"Winamp Application Detector"},{"enabled":true,"name":"Windows Media Player"},{"enabled":true,"name":"iTunes Application Detector"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated": true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}},"\u005b*. 
\u005dguidedhacking.com,*":{"popups":1},"\u005b*.\u005dwww.elitepvpers.com, *":{"popups":1},"\u005b*.\u005dwww.youtube.com,*":{"fullscreen":1},"hxxp ://192.168.2.1,*":{"popups":1},"hxxps://\u005b*.\u005dstudent.uwo.ca:443,*":{"popups":1}},"plugin_whitelist":{"npsi tesafety":{"dll":true}},"pref_version":1},"exit_type":"Crashed","exited_cle anly":true,"is_managed":false,"name":"First user","per_host_zoom_levels":{"www.youtube.com":1.223901033401490}},"revers e_autologin":{"enabled":false},"selectfile":{"last_directory":"C:\\Users\\K onsowa\\Desktop\\Skool"},"session":{"restore_on_startup":1,"restore_on_star tup_migrated":true,["hxxp://www.google.com","hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1QzutCyE0D0A0EzyyCzz0CyDtC0F0F0AtB0CtN0D0Tzu0CyEy CtCtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1263485266&ir=","hxxp://www.alnaddy.com/?afltid=wbpk"]},"sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Search Engines","Sessions","Apps","App settings","Extension settings","App Notifications","Dictionary","Encryption keys"],"app_notifications":true,"app_settings":true,"apps":true,"autofill":true," autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_boots trap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABvuJyUBq5Uiao4JdBe5VaQAAAAACAAAAAAAQZgAAAAEAACAAAACyoOVYiMx4QEgVQK BPMzpNehqSWjCBtTcTXIAcsvGybwAAAAAOgAAAAAIAACAAAAA/eJ/dMP4wh3hMhADcNNm/9+H74BSc1C83gbUwcnYXX0AAAADRsXYl+FhQKdKYgrTpA7QlKHLN1qzcMbK9WJJLAEQdcT60kEO Ra8YE9aEMu5V5iWZTjBYewbV3f+SLF1eRdbY1QAAAAB4HwdQ54Dc6+lBGrkTvCCC/AO+i50DVObflv7K+1u5Ad8p2V2fplkf161lCAhXxEAyy4DwuCHngj9n+3/2j9uw=","extension_settings":true,"extensions":true,"has_setup_completed":t rue,"keep_everything_synced":true,"keystore_encryption_bootstrap_token":"AQ AAANCMnd8BFdERjHoAwE/Cl+sBAAAABvuJyUBq5Uiao4JdBe5VaQAAAAACAAAAAAAQZgAAAAEAACAAAAD4fzsEGMTauUKmpS e8zatPUDApgqR3eIOVyBBVKC8pqQAAAAAOgAAAAAIAACAAAAD6nmzk+LA6OIN1eU7RnOHZNmimr 
fQnCR1WcRpw5caNZ1AAAADDjdo+l0pj3kWC8bDfq7lxPhhffLHY0EhSbcTnyl99ZPliLHb2V9dO GuH4+LezY7nHhqpuxga4hP+qLAfnspLOeqGT8rTHEmlIdegVhVB0nEAAAAAwbvRr9b1oEL+hrx/gVNdm8vUurSVfGodtyGJkqx9+nQI3bRvMOu0dxV++syIzW0/7R1mJ0ReYgZUTN0vgvxKK","last_synced_time":"13013950877479222","passwords":t rue,"preferences":true,"search_engines":true,"session_sync_guid":"session_s ync5VpFKKvRJbHjJxG+rJUavA==","sessions":true,"suppress_start":false,"themes ":true,"typed_urls":true},"sync_promo":{"user_skipped":true},"translate_acc epted_count":{"ar":0,"de":5,"es":4,"fr":3,"it":2,"ko":1,"pl":3,"ru":5,"vi": 1,"zh-CN":1},"translate_denied_count":{"ar":2,"de":0,"es":0,"fr":0,"it":0,"ko":0, "pl":0,"ru":0,"vi":0,"zh-CN":0},"translate_whitelists":{"de":"en"}}

*************************

AdwCleaner[R1].txt - [90934 octets] - [21/07/2013 16:05:08]

########## EOF - C:\AdwCleaner[R1].txt - [90995 octets] ##########
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,448 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jul-2013, 10:26 AM #4
OK next step

Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

Tell us if you are still having any problems after this.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
konsowa konsowa is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2013
21-Jul-2013, 10:41 AM #5
# AdwCleaner v2.306 - Logfile created 07/21/2013 at 16:32:07
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Konsowa - KONSOWAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Konsowa\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Konsowa\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Folder Deleted : C:\Program Files (x86)\BrowserCompanion
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\BrouwsEe2save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Konsowa\AppData\Local\APN
Folder Deleted : C:\Users\Konsowa\AppData\Local\Babylon
Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Konsowa\AppData\Local\PackageAware
Folder Deleted : C:\Users\Konsowa\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Konsowa\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~2\sprote~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"session":{["hxxp://www.google.com","hxxp://searchfunmoods.c[...]

*************************

AdwCleaner[R1].txt - [91013 octets] - [21/07/2013 16:05:08]
AdwCleaner[S1].txt - [12347 octets] - [21/07/2013 16:32:07]

########## EOF - C:\AdwCleaner[S1].txt - [12408 octets] ##########

Thanks, I'll report if I have any more problems.
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,448 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jul-2013, 11:27 AM #6
Let us know how it is; there might still be other problems.
konsowa konsowa is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2013
25-Jul-2013, 03:41 PM #7
So after a few days I noticed that things are much better, but the RAM usage keeps increasing with time even though there are fewer processes now, and when I restart the PC everything goes back to normal.
dvk01   (Derek) dvk01 is online now dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,448 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Jul-2013, 04:03 PM #8
OK, next step please.

Follow the advice here and post the logs those programs make.
konsowa konsowa is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2013
25-Jul-2013, 04:24 PM #9
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:05 PM, on 7/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\skype.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Konsowa\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Alnaddy.com Toolbar - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [cdloader] "C:\Users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\users\konsowa\desktop\newfol~1\bin\detour.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 12078 bytes
konsowa
25-Jul-2013, 04:26 PM #10
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Konsowa at 22:21:15 on 2013-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5490 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\skype.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Konsowa\Downloads\HijackThis(1).exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Secure Speed Dial: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Alnaddy.com Toolbar: {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\skype.exe" /minimized /regrun
uRun: [cdloader] "C:\Users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Konsowa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: NameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709} : NameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709} : DHCPNameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC} : DHCPNameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC}\B4F6E637F67716 : DHCPNameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC}\D4F62696E696C6027596D264960243739373 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{44BAA6BC-7532-4FA6-9738-AB5E49198948} : NameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{B6EC4919-7F91-4384-917A-2E0264408775} : DHCPNameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762} : NameServer =
TCP: Interfaces\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C} : NameServer = 8.8.8.8,8.8.4.4
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\users\konsowa\desktop\newfol~1\bin\detour.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Handler: AutorunsDisabled - <Clsid value has no data>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Konsowa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Konsowa\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-19 23:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 04:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
FF - ExtSQL: 2013-07-21 03:34; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-15 1393240]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-17 169048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-21 279616]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130724.001\IDSviA64.sys [2013-7-25 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-17 433752]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-5 65024]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-18 21992]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-18 210024]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DataCardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-18 13592]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-7-17 144368]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-17 132056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-4 4153184]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-8-24 20512]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-18 138912]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-7-13 66728]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-1-31 90112]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-18 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-1-31 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-1-31 13952]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-27 1431888]
S3 Gun;Gun;D:\SoftnyxGame\GunboundIS\Gun64.sys [2012-5-30 45176]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-1-31 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-1-31 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-1-31 238080]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\System32\drivers\tinspusb.sys [2012-6-11 142848]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-7-21 14544]
S3 wolf;wolf;C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys [2012-6-13 40056]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 Apache2.2;Apache2.2;C:\xampplite\apache\bin\httpd.exe [2012-8-22 29416]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-26 8704]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 Mobinil USB Modem. RunOuc;Mobinil USB Modem. OUC;C:\Program Files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe [2013-1-31 655712]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 PhontonDashboardService;Photon dashboard service;C:\Users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\Photon Dashboard.exe [2012-10-25 18432]
S4 Photon Socket Server: Default;Photon Socket Server: Default;C:\Users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [2012-10-25 7012352]
S4 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;C:\Users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [2012-10-25 7012352]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-7-21 2222928]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\updater.exe [2013-7-19 161384]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\UnityDevelop.exe="C:\Program Files\UnityDevelop\UnityDevelop.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-07-23 11:46:21 -------- d-----w- C:\Program Files (x86)\XoftSpy
2013-07-22 11:03:38 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-22 11:03:38 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-22 11:03:38 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2013-07-21 14:46:06 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-21 14:46:06 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-21 13:22:25 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-07-21 01:45:33 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-07-21 01:45:33 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-20 23:52:06 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-20 23:31:59 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PC Cleaners
2013-07-20 23:31:51 4728712 ----a-w- C:\Windows\uninst.exe
2013-07-20 23:31:50 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PCPro
2013-07-20 23:31:50 -------- d-----w- C:\ProgramData\PC1Data
2013-07-20 23:29:18 -------- d-----w- C:\ProgramData\PC Registry Cleaner
2013-07-20 23:07:46 -------- d-----w- C:\Users\Konsowa\AppData\Local\Razer
2013-07-20 23:07:44 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\Vtools
2013-07-20 23:07:42 -------- d-----w- C:\Program Files (x86)\Vtools
2013-07-20 23:07:11 -------- d-----w- C:\Program Files (x86)\Secure Speed Dial
2013-07-20 01:23:36 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-07-20 01:23:35 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-07-20 01:23:35 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-07-20 01:23:35 111448 ----a-w- C:\Windows\System32\consent.exe
2013-07-20 01:20:15 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-07-20 01:20:15 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-07-20 01:15:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-20 01:01:43 -------- d-----w- C:\Users\Konsowa\AppData\Local\YavSoft
2013-07-20 01:01:42 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\Flash Jigsaw Producer
2013-07-20 01:01:00 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-20 00:55:32 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 00:55:32 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 00:26:05 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-20 00:26:05 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-07-20 00:26:05 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-07-20 00:12:05 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-20 00:12:05 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-20 00:12:05 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-20 00:12:05 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-20 00:12:05 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-20 00:12:05 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-20 00:12:05 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-20 00:01:15 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-20 00:01:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-20 00:00:51 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-20 00:00:51 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:49:52 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-07-19 23:49:52 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-07-19 23:38:31 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-07-19 23:38:31 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-07-19 23:26:52 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-07-19 23:26:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-19 23:26:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-19 23:26:52 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-07-19 23:26:52 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-19 23:26:51 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-07-19 23:26:51 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-07-19 23:26:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-19 23:26:51 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-19 23:26:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-19 22:05:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-19 22:04:05 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-07-19 22:04:05 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-07-19 22:04:05 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-07-19 22:03:50 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-07-19 22:03:50 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-07-19 22:03:50 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-07-19 22:03:48 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-07-19 22:03:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-07-19 22:03:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-07-19 22:03:45 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-19 22:03:45 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-19 22:03:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-19 22:03:44 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-07-19 22:03:44 112640 ----a-w- C:\Windows\System32\smss.exe
2013-07-18 16:37:52 -------- d-----w- C:\Program Files (x86)\ArtGem
2013-07-17 23:29:37 -------- d-----w- C:\N360_BACKUP
2013-07-17 16:04:11 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2013-07-17 16:04:11 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2013-07-17 16:04:11 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2013-07-17 16:04:11 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2013-07-17 16:04:11 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
2013-07-17 16:04:11 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
2013-07-17 16:04:11 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
2013-07-17 16:04:11 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-07-17 16:03:56 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
2013-07-17 11:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-17 11:51:38 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-17 11:51:38 -------- d-----w- C:\Program Files\Symantec
2013-07-17 11:51:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-07-17 11:51:10 -------- d-----w- C:\Windows\System32\drivers\N360x64
2013-07-17 11:51:09 -------- d-----w- C:\Program Files (x86)\Norton 360
2013-07-17 11:47:16 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\TuneUp Software
2013-07-17 11:44:17 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-07-17 11:35:03 -------- d-----w- C:\ProgramData\NortonInstaller
2013-07-17 11:35:03 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-07-17 01:45:03 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 3.0
2013-07-17 01:44:30 -------- d-----w- C:\ProgramData\Norton
2013-07-17 01:36:11 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PCCUStubInstaller
2013-07-17 01:31:20 -------- d-----w- C:\ProgramData\StarApp
2013-07-13 19:04:01 2562208 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-07-13 18:55:17 -------- d-----w- C:\Program Files\Application Verifier
2013-07-13 18:55:17 -------- d-----w- C:\Program Files (x86)\Application Verifier
2013-07-13 18:55:16 -------- d-----w- C:\ProgramData\Windows App Certification Kit
2013-07-13 18:53:04 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools
2013-07-13 18:52:51 -------- d-----w- C:\Program Files\Microsoft
2013-07-13 18:52:30 -------- d-----w- C:\Program Files (x86)\IIS Express
2013-07-13 18:52:29 -------- d-----w- C:\Program Files\IIS Express
2013-07-13 18:51:56 -------- d-----w- C:\Program Files (x86)\NuGet
2013-07-13 18:51:51 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
2013-07-13 18:42:14 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2013-07-13 18:34:55 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-07-13 18:33:25 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-07-12 21:50:05 8610696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-12 21:15:26 -------- d-----w- C:\Users\Konsowa\AppData\Local\{F37829FD-8E56-4B32-8FBE-696D34CA00F3}
2013-07-12 20:45:31 -------- d-----w- C:\Users\Konsowa\AppData\Local\{A5DC2401-8272-45BB-A258-9D9FA9C765D9}
2013-07-12 12:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 12:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-07 16:29:41 4249600 ----a-w- C:\Program Files (x86)\GUT3543.tmp
2013-07-07 16:29:41 -------- d-----w- C:\Program Files (x86)\GUM3542.tmp
2013-07-07 16:22:29 -------- d-----w- C:\Users\Konsowa\AppData\Local\{37A38914-C56D-425C-A77C-50026A17EEFB}
.
==================== Find3M ====================
.
2013-07-20 23:52:06 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-19 22:05:48 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-19 22:05:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-15 23:43:33 95247 ----a-w- C:\Windows\PixtopianBook Uninstaller.exe
2013-07-12 21:50:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 21:50:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 08:32:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
2013-05-01 21:55:26 61304 ----a-w- C:\Users\Konsowa\g2mdlhlpx.exe
.
============= FINISH: 22:22:50.96 ===============
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,448 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Jul-2013, 04:41 PM #11
Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Please download and run WVCheck.
  • Double-click WVCheck.exe.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.
konsowa
Member with 10 posts.
THREAD STARTER
Join Date: Jul 2013
25-Jul-2013, 05:03 PM #12
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-25 23:01:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.05.0 931.51GB
Running: 0zrw6lbn.exe; Driver: C:\Users\Konsowa\AppData\Local\Temp\uwlorkoc.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000123e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000123e08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\svchost.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Windows\SysWOW64\svchost.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 00000001003f091c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 00000001003f0048
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001003f02ee
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001003f04b2
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001003f09fe
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 00000001003f0ae0
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 00000001003f012a
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 00000001003f0758
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 00000001003f0676
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001003f03d0
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 00000001003f0594
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 00000001003f083a
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 00000001003f020c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 00000001003f0f52
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100420210
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100420048
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a77a9d1}
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 00000001003f0ca6
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001004203d8
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010042012c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001004202f4
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 00000001003f0e6e
.text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010042059e
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010023091c
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100230048
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002302ee
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002304b2
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002309fe
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100230ae0
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010023012a
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100230758
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100230676
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002303d0
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100230594
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010023083a
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010023020c
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073301a22 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073301ad0 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073301b08 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073301bba 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073301bda 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100230f52
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100240210
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100240048
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a59a9d1}
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100230ca6
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002403d8
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010024012c
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002402f4
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100230e6e
.text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010024059e
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073301a22 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073301ad0 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073301b08 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073301bba 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073301bda 2 bytes [30, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100290210
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100290048
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5ea9d1}
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002903d8
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010029012c
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002902f4
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010029059e
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010010091c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100100048
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001001002ee
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001001004b2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001001009fe
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100100ae0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010010012a
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100100758
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100100676
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001001003d0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100100594
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010010083a
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010010020c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010011059e
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100100f52
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100110210
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100110048
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a46a9d1}
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100100ca6
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001001103d8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010011012c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001001102f4
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a46a9d1}
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001001104bc
? C:\Windows\system32\mssprxy.dll [2916] entry point in ".rdata" section 00000000675971e6
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010029059e
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100290210
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100290048
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5ea9d1}
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002903d8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010029012c
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002902f4
.text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010024091c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100240048
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002402ee
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002404b2
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002409fe
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100240ae0
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010024012a
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100240758
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100240676
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002403d0
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100240594
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010024083a
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010024020c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 0000000100240bc2
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100250048
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 00000001002502f4
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 7 bytes JMP 000000010025012c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100240d88
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002504bc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 0000000100250210
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002503d8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100240f50
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001003104bc
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100310210
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100310048
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a66a9d1}
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001003103d8
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010031012c
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001003102f4
.text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010038091c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100380048
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001003802ee
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001003804b2
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001003809fe
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100380ae0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010038012a
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100380758
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100380676
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001003803d0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100380594
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010038083a
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010038020c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010039059e
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100380f52
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100390210
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100390048
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a6ea9d1}
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100380ca6
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001003903d8
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010039012c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001003902f4
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100380e6e
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 0000000100090bc2
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100090d88
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001000a04bc
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100090f50
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010024091c
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100240048
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002402ee
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002404b2
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002409fe
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100240ae0
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010024012a
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100240758
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100240676
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002403d0
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100240594
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010024083a
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010024020c
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001002504bc
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100240f52
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100250210
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100250048
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5aa9d1}
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100240ca6
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002503d8
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010025012c
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002502f4
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100240e6e
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010028059e
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5da9d1}
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
.text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
.text ... * 2
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010008091c
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100080048
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001000802ee
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001000804b2
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001000809fe
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100080ae0
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010008012a
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100080758
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100080676
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001000803d0
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100080594
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010008083a
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010008020c
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100080f52
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100090210
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100090048
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a3ea9d1}
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100080ca6
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001000903d8
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010009012c
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001000902f4
.text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100080e6e
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001000a04bc
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a3fa9d1}

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3036:4056] 000007fee3ac838c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3036:1028] 000007fee5a4c680
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2552:5660] 000007fee5a4c680
---- Processes - GMER 2.1 ----

Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\System.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000002010000
Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\Banner.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000003270000
Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000003640000
Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\PEV.DAT (*** suspicious ***) @ C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\PEV.DAT [7596] 0000000000c70000

---- EOF - GMER 2.1 ----

MGA
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-R8R9M-234F7-9J8DY
Windows Product Key Hash: w3knYSsbc+SoRkqh1A5XvvR2uJM=
Windows Product ID: 00359-113-8412213-85019
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {8CCF2DAC-73C3-4C24-B109-209434E31F88}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8CCF2DAC-73C3-4C24-B109-209434E31F88}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9J8DY</PKey><PID>00359-113-8412213-85019</PID><PIDType>5</PIDType><SID>S-1-5-21-3920387077-942025914-700066375</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0713</Version><SMBIOSVersion major="2" minor="6"/><Date>20110510000000.000000+000</Date></BIOS><HWID>0BEC3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Egypt Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-113-841221-00-1033-7601.0000-0012005
Installation ID: 008665101713734981008381797960299701962622802532653501
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 9J8DY
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 7/25/2013 11:02:14 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:13:2013 09:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAIAAQABAAEAAAADAAAABAABAAEAln2qQ3cWVlEaXfaqWH1iPcxFBumQTXJ3coq+QS5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              ALASKA        A M I
FACP              ALASKA        A M I
HPET              ALASKA        A M I
MCFG              ALASKA        A M I
SSDT              AMICPU        PROC
konsowa (thread starter)
25-Jul-2013, 05:09 PM #13
Windows Validation Check
Version: 1.9.12.5
Log Created On: 2304_25-07-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2013-07-25 02:04:52
Last Success Time for Update Download: 2013-07-23 11:00:41
Last Success Time for Update Installation: 2013-07-22 11:02:29


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Program Files (x86)\Microsoft DirectX 9.0 SDK (Summer 2004)\Samples\C++\DirectShow\Bin\Watermark.exe
Size: 114688 bytes
Creation; 9/7/2004 8:28:10
Modification; 9/7/2004 8:28:10
MD5; 3a90542d5f881964bb60a48cf9ed88be
Matched: watermark.exe
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 5:23:48
Modification; 21/11/2010 5:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 5:23:48
Modification; 21/11/2010 5:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 21/11/2010 5:24:21
Modification; 21/11/2010 5:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 21/11/2010 5:23:48
Modification; 21/11/2010 5:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 2307_25-07-2013 --------
dvk01 (Derek), Moderator & Malware Removal Specialist
25-Jul-2013, 08:06 PM #14
nothing definitely wrong there, but a few suspicious entries so
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
konsowa (thread starter)
26-Jul-2013, 08:40 AM #15
ComboFix 13-07-25.02 - Konsowa 07/26/2013 14:26:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5241 [GMT 2:00]
Running from: c:\users\Konsowa\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files (x86)\P2Pcontrol
c:\program files (x86)\P2Pcontrol\config\nodes.dat
c:\program files (x86)\P2Pcontrol\data
c:\program files (x86)\P2Pcontrol\P2Pcontrol.url
c:\program files (x86)\P2Pcontrol\P2Pcontrol_claim.url
c:\program files (x86)\P2Pcontrol\uninst.exe
c:\users\Konsowa\AppData\Local\assembly\tmp
c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol
c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\Claim money.lnk
c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\P2Pcontrol website.lnk
c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\Uninstall.lnk
c:\users\Konsowa\g2mdlhlpx.exe
c:\windows\SysWow64\DannyComObjects.dll
c:\windows\SysWow64\DannyHelper.dll
c:\windows\SysWow64\Eziriz.bin
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\UNWISE.EXE
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
.
.
2013-07-26 12:36 . 2013-07-26 12:36 -------- d-----w- c:\users\unitysrv\AppData\Local\temp
2013-07-26 12:36 . 2013-07-26 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 21:02 . 2013-07-25 21:02 -------- d-----w- C:\MGADiagToolOutput
2013-07-25 21:02 . 2013-07-25 21:02 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-07-23 11:46 . 2013-07-23 12:02 -------- d-----w- c:\program files (x86)\XoftSpy
2013-07-22 11:03 . 2011-09-22 19:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2013-07-22 11:03 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-22 11:03 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-21 14:46 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-21 14:46 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-21 13:22 . 2013-07-21 13:22 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-07-21 01:45 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-21 01:45 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-20 23:52 . 2013-07-20 23:52 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-20 23:31 . 2013-07-20 23:31 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PC Cleaners
2013-07-20 23:31 . 2012-12-22 17:53 4728712 ----a-w- c:\windows\uninst.exe
2013-07-20 23:31 . 2013-07-20 23:33 -------- d-----w- c:\programdata\PC1Data
2013-07-20 23:31 . 2013-07-20 23:32 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PCPro
2013-07-20 23:29 . 2013-07-20 23:29 -------- d-----w- c:\programdata\PC Registry Cleaner
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\users\Konsowa\AppData\Local\Razer
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\users\Konsowa\AppData\Roaming\Vtools
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Vtools
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\programdata\Razer
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Razer
2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Secure Speed Dial
2013-07-20 01:23 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-20 01:23 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-07-20 01:23 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-07-20 01:23 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-20 01:23 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-07-20 01:23 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-07-20 01:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-07-20 01:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-07-20 01:15 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-20 01:01 . 2013-07-20 01:01 -------- d-----w- c:\users\Konsowa\AppData\Local\YavSoft
2013-07-20 01:01 . 2013-07-20 23:41 -------- d-----w- c:\users\Konsowa\AppData\Roaming\Flash Jigsaw Producer
2013-07-20 01:01 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-20 00:55 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 00:55 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-20 00:26 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-20 00:26 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-20 00:26 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-20 00:12 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-20 00:12 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-20 00:12 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-20 00:12 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-20 00:12 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-20 00:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-20 00:12 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-20 00:01 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-20 00:01 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-20 00:00 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-20 00:00 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:49 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-19 23:49 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-19 23:38 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-19 23:38 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-07-19 23:26 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-19 23:26 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-07-19 23:26 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-19 23:26 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-19 23:26 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-19 23:26 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-19 23:26 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-19 23:26 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-19 23:26 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-19 23:26 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-19 22:05 . 2013-07-19 22:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-19 22:04 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-07-19 22:04 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-07-19 22:04 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-07-19 22:03 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-19 22:03 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-07-19 22:03 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-07-19 22:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-07-19 22:03 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-07-19 22:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-19 22:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-19 22:03 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-07-19 22:03 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-19 22:03 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-07-19 22:03 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-18 16:37 . 2013-07-25 22:40 -------- d-----w- c:\program files (x86)\ArtGem
2013-07-17 23:29 . 2013-07-17 23:29 -------- d-----w- C:\N360_BACKUP
2013-07-17 11:53 . 2013-07-17 11:53 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-07-17 11:51 . 2013-07-17 16:04 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files\Symantec
2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-07-17 11:51 . 2013-07-17 22:48 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files (x86)\Norton 360
2013-07-17 11:47 . 2013-07-17 11:47 -------- d-----w- c:\users\Konsowa\AppData\Roaming\TuneUp Software
2013-07-17 11:44 . 2013-07-17 11:44 -------- d-----w- c:\programdata\ATI
2013-07-17 11:44 . 2013-07-17 11:44 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-17 11:35 . 2013-07-17 11:35 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-07-17 01:45 . 2013-07-21 03:51 -------- d-----w- c:\program files (x86)\Norton PC Checkup 3.0
2013-07-17 01:44 . 2013-07-17 23:22 -------- d-----w- c:\programdata\Norton
2013-07-17 01:36 . 2013-07-17 01:36 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PCCUStubInstaller
2013-07-17 01:31 . 2013-07-17 01:31 -------- d-----w- c:\programdata\StarApp
2013-07-13 19:04 . 2013-07-20 23:49 2562208 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\program files\Application Verifier
2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\program files (x86)\Application Verifier
2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\programdata\Windows App Certification Kit
2013-07-13 18:53 . 2013-07-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files\Microsoft
2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files (x86)\IIS Express
2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files\IIS Express
2013-07-13 18:51 . 2013-07-13 18:51 -------- d-----w- c:\program files (x86)\NuGet
2013-07-13 18:51 . 2013-07-13 18:51 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2013-07-13 18:42 . 2013-07-13 18:42 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2013-07-13 18:34 . 2013-07-13 19:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2013-07-13 18:33 . 2013-07-13 18:33 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-07-12 21:50 . 2013-07-12 21:50 8610696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-07 16:29 . 2013-07-07 16:31 4249600 ----a-w- c:\program files (x86)\GUT3543.tmp
2013-07-07 16:29 . 2013-07-07 16:29 -------- d-----w- c:\program files (x86)\GUM3542.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 00:04 . 2011-11-21 09:02 2485920 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-07-19 22:05 . 2013-03-09 08:20 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-19 22:05 . 2012-01-11 15:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-15 23:43 . 2012-01-20 16:47 95247 ----a-w- c:\windows\PixtopianBook Uninstaller.exe
2013-07-12 21:50 . 2012-04-01 14:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-12 21:50 . 2011-12-15 18:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-23 22:41 . 2011-11-18 11:11 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 21:24 . 2012-06-14 22:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 08:32 . 2013-05-02 08:32 2274480 ----a-w- c:\windows\system32\coin94.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-28 393216]
"Skype"="c:\program files (x86)\Skype\Phone\skype.exe" [2013-07-19 18642024]
"cdloader"="c:\users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"RL Uninstaller"="del" [X]
.
c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2013-5-13 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Gun;Gun;d:\softnyxgame\GunBoundIS\Gun64.sys;d:\softnyxgame\GunBoundIS\Gun64.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 KeDetective131;KeDetective131;c:\windows\system32\Drivers\KeDetective131.sys;c:\windows\SYSNATIVE\Drivers\KeDetective131.sys [x]
R3 KIKIDRIVER;KIKIDRIVER;c:\users\Konsowa\Desktop\Kiki Engine 1.41\kiki.sys;c:\users\Konsowa\Desktop\Kiki Engine 1.41\kiki.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Revolution1;Revolution1;c:\users\Konsowa\AppData\Local\Temp\Rar$EX04.512\SHAK3.sys;c:\users\Konsowa\AppData\Local\Temp\Rar$EX04.512\SHAK3.sys [x]
R3 SysCom1;SysCom1;c:\users\Konsowa\AppData\Local\Temp\Rar$EX23.992\Ghost Killer Girl\SoRa.sys;c:\users\Konsowa\AppData\Local\Temp\Rar$EX23.992\Ghost Killer Girl\SoRa.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wolf;wolf;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys [x]
R3 X6va005;X6va005;c:\users\Konsowa\AppData\Local\Temp\005104D.tmp;c:\users\Konsowa\AppData\Local\Temp\005104D.tmp [x]
R3 X6va008;X6va008;c:\users\Konsowa\AppData\Local\Temp\008561.tmp;c:\users\Konsowa\AppData\Local\Temp\008561.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys;c:\windows\xspirit.sys [x]
R4 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe;c:\xampplite\apache\bin\httpd.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
R4 Mobinil USB Modem. RunOuc;Mobinil USB Modem. OUC;c:\program files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe;c:\program files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PhontonDashboardService;Photon dashboard service;c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe [x]
R4 Photon Socket Server: Default;Photon Socket Server: Default;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [x]
R4 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130725.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130725.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Free YouTube Download - c:\users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
TCP: Interfaces\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\
FF - ExtSQL: 2013-07-19 23:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 04:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
FF - ExtSQL: 2013-07-21 03:34; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BlackBerry_Desktop - c:\program files (x86)\Research In Motion\BlackBerry Desktop\InstallerUtils\InstallerUtils.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-P2Pcontrol - c:\program files (x86)\P2Pcontrol\uninst.exe
AddRemove-SuddenAttackNA - c:\programdata\NexonUS\NGM\NGM.exe
AddRemove-NCsoft-Lineage2 - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
"ImagePath"="\"c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Photon Socket Server: Default]
"ImagePath"="c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe /service Default"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Photon Socket Server: LoadBalancing]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WINIO]
"ImagePath"="8\18"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Konsowa\AppData\Local\Temp\005104D.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Konsowa\AppData\Local\Temp\008561.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,e4,30,e6,f1,53,79,fb,7c,c0,37,bd,57,9f,3d,4e,4f,d4,ab,96, 89,
62,d3,47,47,d7,c2,5f,57,18,c7,59,3d,20,fd,d4,2a,95,52,0d,aa,7f,f7,e8,69,fc, \
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000_Classes\Wow6432Node\CLSID\{4b8f6ff0-597d-4d60-ad54-3ebcf90d5e38}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000039
"Therad"=dword:00000010
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f, 5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68, \
.
[HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a5,6f,76,8e,64,00,bc,54,44,25,d7,6e,60,49,d6,a1,8d,47,77,c7 ,c6,
2d,e2,8f,8f,9c,bd,7d,5e,da,1a,79,9f,a5,4d,d1,6e,12,c6,46,00,00,00,00,00,00, \
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-26 14:38:55
ComboFix-quarantined-files.txt 2013-07-26 12:38
.
Pre-Run: 114,272,223,232 bytes free
Post-Run: 114,100,084,736 bytes free
.
- - End Of File - - 574186AE220EC011F5C877E27D8ECB5C
D41D8CD98F00B204E9800998ECF8427E