
Cannot Remove Adware PLEASE HELP!

Discussion in 'Virus & Other Malware Removal' started by rahuls1392, Mar 7, 2013.

  1. rahuls1392

    rahuls1392 Thread Starter

    Hello

    I currently am having some adware issues. I keep getting popups that randomly come up no matter what website I'm on. I'm pretty sure it has to do with a program I uninstalled called FirstRowSport Desktop App. The ads I get are from RedOrbit or download4free.org and some other random sites. Please HELP because they are a real pain! Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:59:38 PM, on 3/6/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [autoauto] c.bat
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A430X505PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Rahul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe" --startup
    O4 - Startup: Dropbox.lnk = Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\npchrome_frame.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15883 bytes







    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
    Run by Rahul at 23:00:57 on 2013-03-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3145 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\splwow64.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.espn.com/
    uProxyOverride = localhost;127.0.0.1;<local>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A430X505PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    uRun: [Google Update] "C:\Users\Rahul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [ChromeFrameHelper] "C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\chrome_frame_helper.exe" --startup
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [autoauto] c.bat
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Rahul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rahul\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\0557E6A61626960235771676 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\25168657C62E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\3547574656E64737D25535369656E6365637 : DHCPNameServer = 10.1.10.222 10.1.10.202
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\73B4F4B413 : DHCPNameServer = 192.168.1.1 162.150.8.16
    TCP: Interfaces\{2BF940FA-41EB-4839-A78B-2E2A93BC3617}\7457563747D25535369656E6365637 : DHCPNameServer = 10.128.128.128
    TCP: Interfaces\{6BC704D3-C52F-4583-8471-A19B14B93D76} : DHCPNameServer = 172.26.38.1 172.26.38.2
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Rahul\AppData\Local\Google\Chrome\Application\25.0.1364.152\npchrome_frame.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-12 283200]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-11 89600]
    R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-14 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-14 2375168]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-14 2656280]
    R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-7-30 32880]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-18 77936]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 iscFlash;iscFlash;C:\SWSetup\sp60704\iscflashx64.sys [2013-3-4 49216]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-14 335464]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-6 1255736]
    S4 KCTRP;KCTRP;C:\Program Files\ColdTurkey\kctrp_srv.exe [2012-4-4 40960]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-03-06 06:14:22 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4810774-2651-400B-A6B4-4973E6D278D3}\mpengine.dll
    2013-03-05 11:07:17 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-03 00:33:05 -------- d-----w- C:\Program Files\iPod
    2013-03-03 00:33:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-03 00:33:04 -------- d-----w- C:\Program Files\iTunes
    2013-03-03 00:33:04 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-03-02 22:50:09 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-27 00:03:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-02-17 07:21:43 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CAE53D3C-E7ED-481D-A05C-BB304366B6A5}\gapaengine.dll
    2013-02-17 07:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-02-17 07:20:21 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-02-17 05:16:27 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-02-17 05:16:14 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-02-17 05:16:05 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-02-17 05:15:57 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-02-16 23:32:05 -------- d-----w- C:\Users\Rahul\AppData\Roaming\Malwarebytes
    2013-02-16 23:31:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-02-14 18:04:26 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 18:04:26 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 00:17:16 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 00:17:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 00:17:15 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 00:17:07 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 00:17:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 00:17:06 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 00:17:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 00:17:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 00:17:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 00:17:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 00:17:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 00:17:03 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-12 22:53:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2013-02-12 22:53:27 -------- d-----w- C:\Users\Rahul\AppData\Roaming\DAEMON Tools Pro
    2013-02-12 22:53:24 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
    2013-02-12 22:46:47 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
    2013-02-11 23:40:12 -------- d-----w- C:\Users\Rahul\AppData\Local\{88978023-17CE-4A95-82EA-F268F8CD3190}
    2013-02-11 23:09:40 -------- d-----w- C:\a
    .
    ==================== Find3M ====================
    .
    2013-03-02 22:49:58 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-02 22:49:57 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-26 22:00:09 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-26 22:00:09 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-20 19:10:12 741 ----a-w- C:\Windows\SysWow64\lod1.vbs
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-13 18:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-12-13 18:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    .
    ============= FINISH: 23:03:48.29 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/3/2011 11:21:23 AM
    System Uptime: 3/5/2013 10:37:12 AM (37 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1650
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 2277/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 246.768 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.547 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP195: 2/26/2013 6:38:29 PM - Windows Update
    RP196: 2/26/2013 7:03:47 PM - Windows Update
    RP197: 3/1/2013 9:53:59 PM - Windows Update
    RP198: 3/2/2013 5:48:44 PM - Removed Java(TM) 6 Update 39
    RP199: 3/2/2013 5:49:38 PM - Installed Java 7 Update 15
    RP200: 3/3/2013 10:08:33 PM - Removed VLC Amigo Setup
    RP201: 3/4/2013 12:06:12 PM - Removed Plex Media Server
    RP202: 3/4/2013 3:18:54 PM - HPSF Applying updates
    RP203: 3/4/2013 3:18:54 PM - HPSF Applying updates
    RP204: 3/4/2013 9:52:47 PM - Removed Halo 2 for Windows Vista
    RP205: 3/5/2013 6:06:52 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AuthenTec TrueAPI
    Bejeweled 2 Deluxe
    Bejeweled 3
    Blackhawk Striker 2
    Blasterball 3
    Bonjour
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Cold Turkey version 0.6
    D3DX10
    DAEMON Tools Pro
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Dropbox
    Energy Star Digital Logo
    Farm Frenzy
    FATE - The Traitor Soul
    Google Chrome
    Google Chrome Frame
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP 3D DriveGuard
    HP Client Services
    HP CoolSense
    HP Customer Experience Enhancements
    HP Deskjet 3050A J611 series Basic Device Software
    HP Deskjet 3050A J611 series Help
    HP Deskjet 3050A J611 series Product Improvement Study
    HP Documentation
    HP Games
    HP MediaSmart Webcam
    HP On Screen Display
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP SimplePass 2011
    HP Software Framework
    HP Support Assistant
    HP Update
    HPDiagnosticAlert
    iCloud
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    iTunes
    Java 7 Update 15
    Java Auto Updater
    Java(TM) 6 Update 24 (64-bit)
    Junk Mail filter update
    Mah Jong Medley
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mathematics (64-bit)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    NVIDIA PhysX
    Penguins!
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Shockwave
    Skype™ 5.10
    Slingo Supreme
    System Requirements Lab CYRI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Validity WBF DDK
    Virtual Villagers 4 - The Tree of Life
    VLC media player 2.0.5
    VLC Setup Helper
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.0
    Zuma Deluxe
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-03-07 01:19:33
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596.17GB
    Running: gmer.exe; Driver: C:\Users\Rahul\AppData\Local\Temp\pwlorpog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    ? C:\Windows\system32\mssprxy.dll [2400] entry point in ".rdata" section 00000000745471e6
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x9cbe28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x9cbe68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x9cbda8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x9cbd28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x9cbf28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x9cbf68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x9cbee8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x9cbea8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x9cbc68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x9cbca8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x9cbc28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x9cbde8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x9cbd68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x9cbce8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0x520a28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0x520a68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0x5209a8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0x520928; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0x520b28; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0x520b68; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0x520ae8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0x520aa8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0x520868; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0x5208a8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0x520828; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0x5209e8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0x520968; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0x5208e8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[6900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077def991 7 bytes {MOV EDX, 0xa4e228; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077defbd5 7 bytes {MOV EDX, 0xa4e268; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077defc05 7 bytes {MOV EDX, 0xa4e1a8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077defc1d 7 bytes {MOV EDX, 0xa4e128; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077defc35 7 bytes {MOV EDX, 0xa4e328; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077defc65 7 bytes {MOV EDX, 0xa4e368; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077defce5 7 bytes {MOV EDX, 0xa4e2e8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077defcfd 7 bytes {MOV EDX, 0xa4e2a8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077defd49 7 bytes {MOV EDX, 0xa4e068; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077defe41 7 bytes {MOV EDX, 0xa4e0a8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077df0099 7 bytes {MOV EDX, 0xa4e028; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077df10a5 7 bytes {MOV EDX, 0xa4e1e8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077df111d 7 bytes {MOV EDX, 0xa4e168; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077df1321 7 bytes {MOV EDX, 0xa4e0e8; JMP RDX}
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077da14dd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077da14f5 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077da150d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077da1525 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077da153d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077da1555 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077da156d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077da1585 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077da159d 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077da15b5 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077da15cd 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077da16b2 2 bytes [DA, 77]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077da16bd 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077da1401 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077da1419 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077da1431 2 bytes [DA, 77]
    .text C:\Users\Rahul\AppData\Local\Google\Chrome\Application\chrome.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077da144a 2 bytes [DA, 77]
    .text ... * 9

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE [2376:6692] 00000000753246fa
    Thread C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE [2376:6760] 000000005b5dc594
    ---- Processes - GMER 2.0 ----

    Library C:\Program (*** suspicious ***) @ C:\Windows\Explorer.EXE [3476] 000007fefb690000
    Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [6728] 0000000071990000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 21514

    ---- Files - GMER 2.0 ----

    File C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001712 0 bytes
    File C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001713 0 bytes

    ---- EOF - GMER 2.0 ----


    Thanks in advance!
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  3. rahuls1392

    rahuls1392 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    4
    # AdwCleaner v2.114 - Logfile created 03/07/2013 at 16:24:53
    # Updated 05/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Rahul - RAHULSPC
    # Boot Mode : Normal
    # Running from : C:\Users\Rahul\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\Users\Rahul\AppData\Local\Babylon
    Folder Found : C:\Users\Rahul\AppData\Local\Conduit
    Folder Found : C:\Users\Rahul\AppData\Local\Temp\BabylonToolbar
    Folder Found : C:\Users\Rahul\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Rahul\AppData\Roaming\Babylon
    Folder Found : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\extensions\[email protected]
    Folder Found : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\FCTB

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKU\S-1-5-21-3381474868-4023708455-3436545268-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\prefs.js

    Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=3[...]
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109035");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "365d51760000000000002c4138121a7a");
    Found : user_pref("extensions.BabylonToolbar_i.id", "365d51760000000000002c4138121a7a");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:04:34");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
    Found : user_pref("extensions.crossriderapp498.498.affid", "0");
    Found : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1318887292");
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.expiration", "Mon Oct 24 2011 17:35:52 GM[...]
    Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Tom[...]
    Found : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
    Found : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
    Found : user_pref("extensions.crossriderapp498.498.emailsig", "");
    Found : user_pref("extensions.crossriderapp498.498.exposesites", "");
    Found : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp498.498.group", 0);
    Found : user_pref("extensions.crossriderapp498.498.homepage", "");
    Found : user_pref("extensions.crossriderapp498.498.iframe", false);
    Found : user_pref("extensions.crossriderapp498.498.js", "\n\n(function($) { \n\n $.geoplugin = function(o[...]
    Found : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php");
    Found : user_pref("extensions.crossriderapp498.498.ver", 36);
    Found : user_pref("extensions.crossriderapp498.apps", "498");
    Found : user_pref("extensions.crossriderapp498.bic", "13313cfc5fcafc4ec894f37e3ccdaa91");
    Found : user_pref("extensions.crossriderapp498.cid", 498);
    Found : user_pref("extensions.crossriderapp498.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp498.installationdate", 1318887344);
    Found : user_pref("extensions.crossriderapp498.jsver", 3);
    Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
    Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
    Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "52174561");
    Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
    Found : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Mon%20Oct%2017%202011%2017%3A[...]
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109035&babsrc=KW_ss&mntrId=365d5176000000[...]

    -\\ Google Chrome v25.0.1364.152

    File : C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7583 octets] - [07/03/2013 16:24:53]

    ########## EOF - C:\AdwCleaner[R1].txt - [7643 octets] ##########
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt.

    Tell us if all the problems have been solved or if you still have any.
     
  5. rahuls1392

    rahuls1392 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    4
    # AdwCleaner v2.114 - Logfile created 03/08/2013 at 06:50:42
    # Updated 05/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Rahul - RAHULSPC
    # Boot Mode : Normal
    # Running from : C:\Users\Rahul\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Rahul\AppData\Local\Babylon
    Folder Deleted : C:\Users\Rahul\AppData\Local\Conduit
    Folder Deleted : C:\Users\Rahul\AppData\Local\Temp\BabylonToolbar
    Folder Deleted : C:\Users\Rahul\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Rahul\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\extensions\[email protected]
    Folder Deleted : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\FCTB

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\prefs.js

    C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\cy3h5vjl.default\user.js ... Deleted !

    Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=3[...]
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109035");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "365d51760000000000002c4138121a7a");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "365d51760000000000002c4138121a7a");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:04:34");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp498.498.affid", "0");
    Deleted : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n/**************************************[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1318887292");
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.expiration", "Mon Oct 24 2011 17:35:52 GM[...]
    Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Tom[...]
    Deleted : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
    Deleted : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
    Deleted : user_pref("extensions.crossriderapp498.498.emailsig", "");
    Deleted : user_pref("extensions.crossriderapp498.498.exposesites", "");
    Deleted : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp498.498.group", 0);
    Deleted : user_pref("extensions.crossriderapp498.498.homepage", "");
    Deleted : user_pref("extensions.crossriderapp498.498.iframe", false);
    Deleted : user_pref("extensions.crossriderapp498.498.js", "\n\n(function($) { \n\n $.geoplugin = function(o[...]
    Deleted : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php");
    Deleted : user_pref("extensions.crossriderapp498.498.ver", 36);
    Deleted : user_pref("extensions.crossriderapp498.apps", "498");
    Deleted : user_pref("extensions.crossriderapp498.bic", "13313cfc5fcafc4ec894f37e3ccdaa91");
    Deleted : user_pref("extensions.crossriderapp498.cid", 498);
    Deleted : user_pref("extensions.crossriderapp498.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp498.installationdate", 1318887344);
    Deleted : user_pref("extensions.crossriderapp498.jsver", 3);
    Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.customNewTab", false);
    Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.processAddrBar", false);
    Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.user_id", "52174561");
    Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.disablecuidinject", "1");
    Deleted : user_pref("freecauseb9dbe2c0031f4cad911af4a7381d79c0.vars.lastcheck", "Mon%20Oct%2017%202011%2017%3A[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109035&babsrc=KW_ss&mntrId=365d5176000000[...]

    -\\ Google Chrome v25.0.1364.152

    File : C:\Users\Rahul\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7708 octets] - [07/03/2013 16:24:53]
    AdwCleaner[S1].txt - [7762 octets] - [08/03/2013 06:50:42]

    ########## EOF - C:\AdwCleaner[S1].txt - [7822 octets] ##########

    Thanks for the help!
    Unfortunately, this did not solve my problem on Chrome. I am still getting popups randomly.
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop syncing first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot and reinstall Chrome.
     
  7. rahuls1392

    rahuls1392 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    4
    Thanks! This seems to have worked. Is there any way I can make sure that there are no more remnants of the program on my computer? Just to be sure.
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    That is all we can do.
     
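One way to check a cleanup like the one in this thread, as an added example that is not part of the thread or of AdwCleaner: compare the search log (R1) with the delete log (S1) and list anything that was found but never reported deleted. The log excerpts are copied from the posts above; the function names and the `fold_user_hive` option are this example's own, and treating the `HKU\S-1-5-21-…` SID as the scanning user's account is an assumption.

```python
import re

# AdwCleaner v2 result lines look like "Key Found : HKLM\Software\Conduit"
# or "Deleted : user_pref(...)"; the File/Folder/Key prefix is optional.
LINE_RE = re.compile(
    r"^\s*(?:(?:File|Folder|Key)\s+)?(Found|Deleted)\s*:\s*(.+?)\s*$")
# Per-user hive addressed by SID, e.g. HKU\S-1-5-21-...-1000\Software\...
HKU_SID_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.IGNORECASE)

# Excerpts of the two logs posted in the thread (shortened).
SEARCH_LOG = r"""
***** [Files / Folders] *****
File Found : C:\user.js
Folder Found : C:\ProgramData\Babylon
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\Software\Conduit
Key Found : HKU\S-1-5-21-3381474868-4023708455-3436545268-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
"""
DELETE_LOG = r"""
File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Conduit
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
"""


def entries(log_text, status, fold_user_hive=False):
    """Map normalized item -> original text for lines with the given status."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != status:
            continue
        item = m.group(2)
        key = item
        if fold_user_hive:
            # Assumption: the SID is the account that ran the scan, so
            # HKU\<SID>\... and HKCU\... name the same registry key.
            key = HKU_SID_RE.sub(lambda _: "HKCU\\", key)
        # Windows paths and registry keys are case-insensitive.
        out[key.casefold()] = item
    return out


def unconfirmed(search_log, delete_log, fold_user_hive=False):
    """Items the search log found that the delete log never reports deleted."""
    found = entries(search_log, "Found", fold_user_hive)
    deleted = entries(delete_log, "Deleted", fold_user_hive)
    return sorted(orig for key, orig in found.items() if key not in deleted)


if __name__ == "__main__":
    for item in unconfirmed(SEARCH_LOG, DELETE_LOG):
        print("found but not reported deleted:", item)
```

A clean result only confirms what AdwCleaner itself reported; it says nothing about the Chrome profile, which both logs show as clean while the popups continued.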

Short URL to this thread: https://techguy.org/1092143