
Svchost trojan in appdata/local/temp

Discussion in 'Virus & Other Malware Removal' started by XmarinusX, Jan 5, 2013.

  1. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    Hello,
    Yesterday I did a scan with my virus scanner (ESET NOD32) and it said I've got a trojan in AppData/local/temp called svchost1084060474670986440.jar. So I downloaded the program Malwarebytes Anti-Malware and did a quick scan, and that also said there was a trojan in svchost. But it hasn't done a good job of removing it, nor did NOD32.

    You can see my log from MalwareBytes below:

    System specs:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 8183 Mb
    Graphics Card: AMD Radeon HD 6600 Series, 512 Mb
    Hard Drives: C: Total - 911780 MB, Free - 513025 MB; D: Total - 40959 MB, Free - 21560 MB;
    Motherboard: MEDIONPC, MS-7708
    Antivirus: ESET NOD32 Antivirus 5.2, Updated and Enabled

    MalwareBytes log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.04.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Marijn :: MARIJN-MEDION [administrator]

    Protection: Enabled

    5-1-2013 1:10:33
    mbam-log-2013-01-05 (01-10-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213283
    Time elapsed: 3 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/Marijn/AppData/Local/Temp/svchost1084060474670986440.jar" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    I hope that someone can help me remove this trojan!
    Thanks in advance!
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Follow the advice here and post the logs those programs make.
     
  3. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    Thanks for the quick response!!

    HijackThis logfile:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:28:04, on 5-1-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Marijn\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2865317
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [svchost] C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/Marijn/AppData/Local/Temp/svchost1084060474670986440.jar"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14152 bytes

    dds.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Marijn at 13:31:46 on 2013-01-05
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.5799 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
    uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [AdobeBridge] <no file>
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    StartupFolder: C:\Users\Marijn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZILL~1.LNK - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: NameServer = 192.168.2.254
    TCP: Interfaces\{4AAB77ED-6482-46FB-AFBE-5DB0DE78E73B} : DHCPNameServer = 192.168.2.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-21 56208]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-9 203776]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-27 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-5 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-5 682344]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-5 24176]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-20 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-20 181248]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-27 412776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
    S3 imhidusb;Immersion's HID USB Driver;C:\Windows\System32\drivers\imhidusb.sys [2012-10-27 23040]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
    S3 SaiHFF04;SaiHFF04;C:\Windows\System32\drivers\SaiHFF04.sys [2012-11-5 171144]
    S3 SaiIFF04;Immersion's HID USB Driver (FF04);C:\Windows\System32\drivers\SaiIFF04.sys [2012-11-5 20608]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-9-17 14544]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-05 00:09:46 -------- d-----w- C:\Users\Marijn\AppData\Roaming\Malwarebytes
    2013-01-05 00:09:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-05 00:09:34 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-05 00:09:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-04 23:13:22 -------- d-----w- C:\Users\Marijn\AppData\Local\ESET
    2013-01-04 20:31:52 -------- d-----w- C:\Users\Marijn\AppData\Local\Colin_Vella
    2013-01-04 20:31:35 -------- d-----w- C:\Program Files (x86)\tIDE
    2013-01-04 12:06:24 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\offreg.dll
    2013-01-04 11:48:17 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
    2012-12-30 19:17:16 -------- d-----w- C:\Users\Marijn\AppData\Local\Flash Builder
    2012-12-27 21:22:39 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
    2012-12-27 21:02:50 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-12-26 21:54:24 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2012-12-26 21:54:23 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2012-12-26 21:54:23 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2012-12-26 21:54:22 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
    2012-12-26 21:54:21 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2012-12-26 21:53:38 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2012-12-26 12:11:20 -------- d-----w- C:\Program Files (x86)\Tiled
    2012-12-25 14:33:07 -------- d-----w- C:\Users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-12-25 13:17:34 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
    2012-12-25 13:17:29 -------- d-----w- C:\Program Files (x86)\SourceTec
    2012-12-25 12:45:43 -------- d-----w- C:\Users\Marijn\AppData\Local\Macromedia
    2012-12-25 12:45:26 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 12:45:26 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-25 12:30:17 -------- d-----w- C:\Users\Marijn\AppData\Local\Mozilla
    2012-12-21 21:13:52 -------- d-----w- C:\Program Files (x86)\WinSCP
    2012-12-21 13:05:19 -------- d-----w- C:\ProgramData\ALM
    2012-12-21 12:58:27 -------- d-----w- C:\Users\Marijn\Adobe Flash Builder 4.6
    2012-12-21 12:47:18 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2012-12-21 12:47:18 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2012-12-21 12:47:18 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2012-12-21 12:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2012-12-21 12:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-12-21 12:47:14 -------- d-----w- C:\Program Files (x86)\My Company Name
    2012-12-21 08:49:49 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 08:49:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 08:49:48 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 08:49:48 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 15:26:51 -------- d-----w- C:\Users\Marijn\AppData\Local\Apple Computer
    2012-12-16 15:26:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-12-16 15:26:10 -------- d-----w- C:\Program Files\iPod
    2012-12-16 15:26:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-16 15:26:08 -------- d-----w- C:\Program Files\iTunes
    2012-12-16 15:26:08 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-16 15:24:39 -------- d-----w- C:\Users\Marijn\AppData\Local\Apple
    2012-12-16 15:23:45 -------- d-----w- C:\Program Files\Bonjour
    2012-12-16 15:23:45 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-12-12 13:55:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 13:55:12 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 13:54:39 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 13:54:01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-12-12 13:54:00 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-12-12 13:54:00 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-12-07 20:01:13 -------- d-----w- C:\Users\Marijn\AppData\Local\Adobe
    .
    ==================== Find3M ====================
    .
    2012-11-24 18:24:10 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-24 18:24:00 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-24 18:24:00 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-21 15:21:49 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-11-15 20:58:50 407047 ----a-w- C:\Windows\SysWow64\mioengine.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-04 19:15:23 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
    2012-11-04 16:31:57 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-11-04 16:31:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-27 19:34:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-10-27 19:34:30 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-10-27 19:34:30 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-10-27 17:28:18 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-10-27 12:41:56 268435456 --sha-w- C:\swapfile.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 13:32:17,78 ===============

    attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27-10-2012 19:22:21
    System Uptime: 5-1-2013 12:30:55 (1 hours ago)
    .
    Motherboard: MEDIONPC | | MS-7708
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 890 GiB total, 501,072 GiB free.
    D: is FIXED (NTFS) - 40 GiB total, 21,055 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
    Device ID: USB\VID_13D3&PID_3306\00E04C000001
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
    PNP Device ID: USB\VID_13D3&PID_3306\00E04C000001
    Service: RTL8192su
    .
    ==== System Restore Points ===================
    .
    RP55: 4-1-2013 21:31:02 - Installed tIDE v2.0.6
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Reader XI - Nederlands
    Adobe Widget Browser
    Age of Empires III
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    µTorrent
    Audacity 2.0.2
    bl
    Bonjour
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP495 series MP Drivers
    Canon My Printer
    Canon Solution Menu EX
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Norwegian
    CCC Help Spanish
    CCC Help Swedish
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    ESET NOD32 Antivirus
    Euro Truck Simulator 2
    F1 2012
    Farming Simulator 2013
    FileZilla Client 3.6.0.2
    Gebruikersregistratie voor Canon MP495 series
    Google Chrome
    Google Update Helper
    HandBrake 0.9.8
    Intel(R) Rapid Storage Technology
    iTunes
    Java 7 Update 9
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Java(TM) SE Development Kit 7 (64-bit)
    LAME v3.99.3 (for Windows)
    League of Legends
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared 32-bit MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 17.0.1 (x86 nl)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0 (x86 nl)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed Most Wanted
    Need For Speed poursuite infernale 2
    Notepad++
    Ogmo Editor
    Pando Media Booster
    PDF Settings CS6
    ph
    Razer Game Booster
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    Skype Click to Call
    Skype™ 6.0
    Sothink SWF Decompiler
    Sothink SWF Editor version 1.0
    Thrustmapper
    Thrustmaster FFB Wheel driver
    Thrustmaster Force Feedback Driver
    tIDE v2.0.6
    Tiled - Tiled Map Editor
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    uTorrentBar_NL Toolbar
    Windows Driver Package - Guillemot (SaiHFF04) MEDIA (05/01/2007 6.0.4.1)
    WinRAR 4.00 (64-bit)
    WinSCP 5.1.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5-1-2013 12:32:19, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4-1-2013 20:46:02, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================

    ark.txt:
    GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2013-01-05 13:46:09
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JC4O 931,51GB
    Running: sjq9s0yu.exe; Driver: C:\Users\Marijn\AppData\Local\Temp\fglcifoc.sys


    ---- Kernel code sections - GMER 2.0 ----

    .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004828d64 12 bytes [48, B8, A0, 72, 27, 0A, 80, ...]

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749d87b1 4 bytes [C2, 04, 00, 00]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749d87b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    ? C:\Windows\system32\mssprxy.dll [2468] entry point in ".rdata" section 0000000073ce71e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 82, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 82, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 81, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 81, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 83, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 83, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 82, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 82, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 80, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 80, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 80, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 81, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 81, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 80, B2, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 12, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 12, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 11, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 11, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 13, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 13, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 12, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 12, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 10, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 10, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 10, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 11, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 11, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 10, FD, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 8E, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 8E, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 2 bytes [BA, A8]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 2 bytes [BA, 28]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 8F, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 8F, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 8E, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 8E, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 8C, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 8C, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 8C, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 2 bytes [BA, E8]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 2 bytes [BA, 68]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 8C, 31, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 6E, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 6E, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 6D, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 6D, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 6F, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 6F, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 6E, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 6E, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 6C, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 6C, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 6C, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 6D, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 6D, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 6C, 6F, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, EE, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, EE, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, ED, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, ED, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, EF, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, EF, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, EE, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, EE, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, EC, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, EC, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, EC, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, ED, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, ED, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, EC, 00, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 1A, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 1A, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 19, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 19, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 1B, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 1B, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 1A, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 1A, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 18, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 18, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 18, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 19, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 19, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 18, D9, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 2E, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 2E, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 2D, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 2D, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 2F, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 2F, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 2E, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 2E, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 2C, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 2C, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 2C, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 2D, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 2D, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 2C, 01, 01, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 66, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 7 bytes [BA, 68, 66, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 65, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 7 bytes [BA, 28, 65, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 7 bytes [BA, 28, 67, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 7 bytes [BA, 68, 67, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 7 bytes [BA, E8, 66, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 7 bytes [BA, A8, 66, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 7 bytes [BA, 68, 64, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 7 bytes [BA, A8, 64, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 64, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 7 bytes [BA, E8, 65, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 7 bytes [BA, 68, 65, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 7 bytes [BA, E8, 64, A0, 00, FF, E2]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761b1419 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761b1431 2 bytes [1B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761b14dd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761b14f5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761b150d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761b1525 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761b153d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761b1555 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761b156d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761b1585 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761b159d 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761b15b5 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761b15cd 2 bytes [1B, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761b16b2 2 bytes [1B, 76]

    ---- Devices - GMER 2.0 ----

    Device \FileSystem\Ntfs \Ntfs fffffa80076282c0
    Device \Driver\USBSTOR \Device\0000007e fffffa800a9f02c0
    Device \Driver\usbehci \Device\USBPDO-1 fffffa800a2bb2c0
    Device \Driver\cdrom \Device\CdRom0 fffffa8009ebc2c0
    Device \Driver\USBSTOR \Device\0000007b fffffa800a9f02c0
    Device \Driver\usbehci \Device\USBFDO-0 fffffa800a2bb2c0
    Device \Driver\USBSTOR \Device\0000007c fffffa800a9f02c0
    Device \Driver\usbehci \Device\USBFDO-1 fffffa800a2bb2c0
    Device \Driver\USBSTOR \Device\0000007d fffffa800a9f02c0
    Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a0872c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4AAB77ED-6482-46FB-AFBE-5DB0DE78E73B} fffffa800a0872c0
    Device \Driver\usbehci \Device\USBPDO-0 fffffa800a2bb2c0

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3760] 0000000069746f0a
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3836] 0000000069e79b9b
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3132] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4020] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3752] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:896] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:1004] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:1016] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:716] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3556] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3244] 0000000076fd2e25
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4940] 00000000735827e1
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4960] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4584] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4744] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4748] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4356] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4420] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3740] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4592] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3408] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4688] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:2804] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4040] 0000000072e827c1
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3520] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5224] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:808] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5616] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:3036] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5292] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:5132] 0000000076fd3e45
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:4740] 0000000073a2c724
    Thread C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [3696:6036] 0000000072b262ee
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3852:5360] 000007fefb772a7c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:2932] 000007feef39cc10
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5004] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3624] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4284] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4368] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4444] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4676] 000007feef36f718
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3956] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:1588] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5016] 000007feef25143c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4876] 000007feef896050
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:5896] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:4320] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840:3232] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5464] 000007feef39cc10
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5472] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5636] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5536] 000007feef36f718
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5208] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5388] 000007feef896050
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5440] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5784] 000007fefb772a7c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5720] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5708] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5576] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5220] 000007feef25143c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5256] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:3924] 0000000060c96c88
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:3568] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5128] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5196] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:4912] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:5632] 000007feef25b564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856:2252] 000007fefe970168

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3852] 000007fee7a90000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4840] 000007fef5970000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [856] 000007fefe950000
    Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5996] 000007feeca70000
    Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [4000] 000007fefbc80000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x96 0x14 0xD6 0x61 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\1[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xB1 0x76 0xE3 0xE2 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x2F 0x47 0x1E 0x3A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x09 0x4E 0x37 0x76 ...

    ---- EOF - GMER 2.0 ----
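    The hook lines in the GMER log above follow one fixed format, and every 7-byte patch in the Chrome processes starts with BA and ends with FF E2, which is the x86 sequence `mov edx, imm32 ; jmp edx`. The script below is an added triage aid, not part of this thread and not GMER's own code: it parses those lines, decodes each trampoline's target and groups the hooks per process, using a sample input constructed from a few lines of the log above.

```python
"""Triage helper for the user-mode hook lines of a GMER 2.0 log.

Added example for this thread, not part of the original post or of GMER. It
parses ".text <process>[pid] <module>!<func> + <off> <addr> <n> bytes [..]"
lines, decodes the 7-byte x86 trampoline "mov edx, imm32 ; jmp edx"
(BA .. FF E2) and groups hooks per process by 64 KiB target region.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\S+)\s+\+\s+(?P<off>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]"
)
# GMER collapses runs of similar lines as ".text ... * N"; keep the count.
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<count>\d+)$")


@dataclass
class Hook:
    process: str
    pid: int
    module: str    # file name of the hooked module, lower-cased
    func: str
    offset: int    # bytes into the function where the patch starts
    address: int
    patch: bytes   # the overwritten bytes exactly as GMER lists them

    def trampoline_target(self):
        """Jump target of a 'BA imm32 FF E2' patch, else None (e.g. 2-byte writes)."""
        p = self.patch
        if len(p) == 7 and p[0] == 0xBA and p[5:7] == b"\xff\xe2":
            return int.from_bytes(p[1:5], "little")
        return None


def parse_hooks(text):
    """Parse the .text hook lines. Returns (hooks, elided_count, unparsed)."""
    hooks, elided, unparsed = [], 0, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue
        m = ELIDED_RE.match(line)
        if m:
            elided += int(m.group("count"))
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        patch = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
        if len(patch) != int(m.group("n")):
            unparsed.append(line)  # declared length disagrees with the bytes
            continue
        hooks.append(Hook(
            process=m.group("proc"), pid=int(m.group("pid")),
            module=m.group("module").rsplit("\\", 1)[-1].lower(),
            func=m.group("func"), offset=int(m.group("off")),
            address=int(m.group("addr"), 16), patch=patch))
    return hooks, elided, unparsed


def summarize(hooks):
    """Per (process, pid): hook count, hooked modules and 64 KiB target regions."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h.process, h.pid)].append(h)
    report = {}
    for key, hs in by_proc.items():
        targets = [t for t in (h.trampoline_target() for h in hs) if t is not None]
        regions = {t >> 16 for t in targets}
        report[key] = {
            "hook_count": len(hs),
            "modules": sorted({h.module for h in hs}),
            "trampolines": len(targets),
            "target_regions": sorted(f"0x{r << 16:08x}" for r in regions),
            # one region = one hooking layer; scattered regions deserve a look
            "single_region": len(regions) <= 1,
        }
    return report


# Constructed sample: a few lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 7 bytes [BA, 28, 1A, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 7 bytes [BA, A8, 19, D9, 00, FF, E2]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761b1401 2 bytes [1B, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 7 bytes [BA, 28, 2C, 01, 01, FF, E2]
"""

if __name__ == "__main__":
    hooks, elided, _ = parse_hooks(SAMPLE_LOG)
    for (proc, pid), info in summarize(hooks).items():
        print(f"{proc} [{pid}] -> {info}")
```

    The script only makes the per-process picture easier to read; whether a consistent hook set comes from something benign such as a browser sandbox or a security product, or from malware, is still the reviewer's call, which is why the helpers in this thread ask for further logs.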
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double-click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  5. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    Thank you so much for helping me! Below you can find the log file. But I want to say something first. Earlier today I shut down my PC. When I came back I saw my PC wasn't shut down, so I turned on my monitor and saw a BlueScreen with code: "0x0000009F".

    Log file: (It may include some Dutch words, sorry for that)
    ComboFix 13-01-05.01 - Marijn 05-01-2013 19:03:51.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.6483 [GMT 1:00]
    Gestart vanuit: c:\users\Marijn\Desktop\blabla.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\7Loader.TAG
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-05 18:09 . 2013-01-05 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-05 18:05 . 2013-01-05 18:05 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\offreg.dll
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\users\Marijn\AppData\Roaming\Malwarebytes
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-05 00:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-04 23:13 . 2013-01-04 23:13 -------- d-----w- c:\users\Marijn\AppData\Local\ESET
    2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\users\Marijn\AppData\Local\Colin_Vella
    2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\program files (x86)\tIDE
    2013-01-04 11:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
    2012-12-30 19:17 . 2012-12-30 19:17 -------- d-----w- c:\users\Marijn\AppData\Local\Flash Builder
    2012-12-27 21:22 . 2012-12-27 21:22 -------- d-----w- c:\program files (x86)\Lame For Audacity
    2012-12-27 21:03 . 2012-12-27 22:36 -------- d-----w- c:\users\Marijn\AppData\Roaming\Audacity
    2012-12-27 21:02 . 2012-12-27 21:02 -------- d-----w- c:\program files (x86)\Audacity
    2012-12-26 21:54 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2012-12-26 21:54 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2012-12-26 21:54 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2012-12-26 21:54 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
    2012-12-26 21:54 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2012-12-26 21:53 . 2012-12-26 21:53 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2012-12-26 12:11 . 2012-12-26 12:11 -------- d-----w- c:\program files (x86)\Tiled
    2012-12-25 14:33 . 2012-12-25 14:33 -------- d-----w- c:\users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
    2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\SourceTec
    2012-12-25 12:45 . 2012-12-25 12:45 -------- d-----w- c:\users\Marijn\AppData\Local\Macromedia
    2012-12-25 12:45 . 2012-12-25 13:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 12:45 . 2012-12-25 13:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-25 12:30 . 2012-12-25 12:30 -------- d-----w- c:\users\Marijn\AppData\Local\Mozilla
    2012-12-25 12:29 . 2012-12-25 12:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-12-21 21:13 . 2012-12-21 21:13 -------- d-----w- c:\program files (x86)\WinSCP
    2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\windows\system32\Macromed
    2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\programdata\ALM
    2012-12-21 12:58 . 2012-12-21 12:58 -------- d-----w- c:\users\Marijn\Adobe Flash Builder 4.6
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-12-21 12:47 . 2011-11-03 02:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
    2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\My Company Name
    2012-12-21 12:42 . 2012-12-27 20:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-12-21 12:39 . 2012-12-21 12:39 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-12-21 08:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 08:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 08:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 08:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 15:26 . 2013-01-04 20:30 -------- d-----w- c:\users\Marijn\AppData\Roaming\Apple Computer
    2012-12-16 15:26 . 2012-12-16 15:26 -------- d-----w- c:\users\Marijn\AppData\Local\Apple Computer
    2012-12-16 15:23 . 2012-12-16 15:24 -------- d-----w- c:\programdata\Apple
    2012-12-14 22:42 . 2012-12-21 13:13 -------- d-----w- c:\program files\Adobe
    2012-12-12 16:31 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-12-12 16:31 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-12-12 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 13:54 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 13:54 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-12 13:54 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-12-12 13:54 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 13:54 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-12-07 20:01 . 2013-01-05 01:00 -------- d-----w- c:\users\Marijn\AppData\Local\Adobe
    2012-12-07 20:00 . 2012-12-07 20:00 -------- d-----w- c:\programdata\McAfee
    2012-12-07 20:00 . 2012-12-21 13:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 16:33 . 2012-11-04 16:36 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-11-24 18:24 . 2012-11-24 18:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-24 18:24 . 2012-11-24 18:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-24 18:24 . 2012-11-24 18:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-21 15:21 . 2012-10-27 22:13 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-11-15 20:58 . 2012-11-15 20:59 407047 ----a-w- c:\windows\SysWow64\mioengine.exe
    2012-11-04 19:15 . 2012-11-04 19:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe
    2012-11-04 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-11-04 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-10-28 21:39 . 2012-10-28 21:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-10-28 21:39 . 2012-10-28 21:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-10-28 21:39 . 2012-10-28 21:39 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-10-28 21:39 . 2012-10-28 21:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-10-28 21:39 . 2012-10-28 21:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-10-28 21:39 . 2012-10-28 21:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-10-28 21:39 . 2012-10-28 21:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-10-28 21:39 . 2012-10-28 21:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-10-28 21:39 . 2012-10-28 21:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-10-28 21:39 . 2012-10-28 21:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-10-28 21:39 . 2012-10-28 21:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-10-28 21:39 . 2012-10-28 21:39 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-10-28 21:39 . 2012-10-28 21:39 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-10-28 21:39 . 2012-10-28 21:39 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-10-28 21:39 . 2012-10-28 21:39 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-10-28 21:39 . 2012-10-28 21:39 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-10-28 21:39 . 2012-10-28 21:39 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-10-28 21:39 . 2012-10-28 21:39 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-10-28 21:39 . 2012-10-28 21:39 149504 ----a-w- c:\windows\system32\occache.dll
    2012-10-28 21:39 . 2012-10-28 21:39 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-10-28 21:39 . 2012-10-28 21:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-10-28 21:39 . 2012-10-28 21:39 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-10-28 21:39 . 2012-10-28 21:39 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-10-28 21:39 . 2012-10-28 21:39 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-10-28 21:39 . 2012-10-28 21:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-10-28 21:39 . 2012-10-28 21:39 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-10-28 21:39 . 2012-10-28 21:39 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-10-28 21:39 . 2012-10-28 21:39 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-10-28 21:39 . 2012-10-28 21:39 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-10-28 21:39 . 2012-10-28 21:39 448512 ----a-w- c:\windows\system32\html.iec
    2012-10-28 21:39 . 2012-10-28 21:39 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-10-28 21:39 . 2012-10-28 21:39 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-10-28 21:39 . 2012-10-28 21:39 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-10-28 21:39 . 2012-10-28 21:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-10-28 21:39 . 2012-10-28 21:39 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-10-28 21:39 . 2012-10-28 21:39 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-10-28 21:39 . 2012-10-28 21:39 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-10-28 21:39 . 2012-10-28 21:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-10-28 21:39 . 2012-10-28 21:39 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-10-27 19:34 . 2012-10-27 19:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-10-27 19:34 . 2012-10-27 19:34 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-10-27 19:34 . 2012-10-27 19:34 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-10-27 19:34 . 2012-10-27 19:34 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-27 19:34 . 2012-10-27 19:34 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-27 19:34 . 2012-10-27 19:34 188904 ----a-w- c:\windows\system32\java.exe
    2012-10-16 08:38 . 2012-11-28 13:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 13:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 13:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-14 14:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-14 14:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-14 14:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-14 14:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-27 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-08 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "ThrustTSR"="c:\program files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 217088]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    .
    c:\users\Marijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-11-24 388576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
    R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2007-04-19 23040]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
    R3 SaiHFF04;SaiHFF04;c:\windows\system32\DRIVERS\SaiHFF04.sys [2007-05-01 171144]
    R3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\DRIVERS\SaiIFF04.sys [2007-05-01 20608]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-09-17 14544]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-20 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-20 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-01-05 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-11-04 19:17]
    .
    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
    .
    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.2.254
    FF - ProfilePath - c:\users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
    FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-01-05 19:11:42
    ComboFix-quarantined-files.txt 2013-01-05 18:11
    .
    Pre-Run: 537.814.921.216 bytes free
    Post-Run: 538.498.772.992 bytes free
    .
    - - End Of File - - 7A140D4C1B55604CD24A7C00A43825DA
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Why are you running an activation crack for Microsoft Office?
    The only reason for that is if you have a pirated version of Office.


    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  7. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    I don't know why you want to see this information, but here it is:
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
    Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
    Windows Product ID: 00426-OEM-8992662-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {4BC577ED-8032-4695-928B-5314BF824B0C}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{4BC577ED-8032-4695-928B-5314BF824B0C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3857263191-3000258016-3534045705</SID><SYSTEM><Manufacturer>MEDIONPC</Manufacturer><Model>MS-7708</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>A7708MLN.105</Version><SMBIOSVersion major="2" minor="6"/><Date>20100921000000.000000+000</Date></BIOS><HWID>3C3B3807018400FC</HWID><UserLCID>0413</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600006-02-1043-7600.0000-3012012
    Installation ID: 008745665462446854407490535301419931757671612992133324
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HYRR2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 6-1-2013 12:21:01

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 10:29:2012 18:07
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LAAAAAEAAQABAAEAAAACAAAAAQABAAEAln0moT7fXihs1KSRYj1Y/BKrXF0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC 092110 APIC0922
    FACP 092110 FACP0922
    HPET 092110 OEMHPET
    MCFG 092110 OEMMCFG
    SLIC _ASUS_ Notebook
    OEMB 092110 OEMB0922
    GSCI 092110 GMCHSCI
    SSDT DpgPmm CpuPm
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    I asked because you have an illegal crack that activates a pirated version of Microsoft Office, and I want to check if you have a knowingly illegal version of Windows as well.

    Did you install the crack yourself?
    We will remove the crack & you will have to buy a legal version of Office to get it working on your computer. I am surprised the antivirus didn't warn about it. NOD normally does on this one.

    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post &, if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window & press save).

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

    Close any open browsers.
    Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

    Attached Files:

  9. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    Actually my virus scanner did report this. But I didn't see it until the scan in which the trojan was found, so I gave the trojan a higher priority. I didn't know the AutoKMS was from the crack for Microsoft Office, and I apologize for using a pirated version of Microsoft Office. I'm only 14 years old and couldn't afford a legal version of it. But it should be removed now. Was this an actual virus, or wasn't it able to do any damage to my system?

    Here is the log:

    ComboFix 13-01-05.01 - Marijn 06-01-2013 23:21:20.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8183.6117 [GMT 1:00]
    Gestart vanuit: c:\users\Marijn\Desktop\blabla.exe
    gebruikte Opdracht switches :: c:\users\Marijn\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    FILE ::
    "c:\windows\Tasks\AutoKMS.job"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\AutoKMS
    c:\windows\AutoKMS\AutoKMS.exe
    c:\windows\AutoKMS\AutoKMS.ini
    c:\windows\AutoKMS\AutoKMS.log
    c:\windows\Tasks\AutoKMS.job
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_KMService
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-06 22:28 . 2013-01-06 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-06 11:21 . 2013-01-06 11:21 -------- d-----w- C:\MGADiagToolOutput
    2013-01-06 11:20 . 2013-01-06 11:20 -------- d-----w- c:\programdata\Office Genuine Advantage
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\users\Marijn\AppData\Roaming\Malwarebytes
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-05 00:09 . 2013-01-05 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-05 00:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-04 23:13 . 2013-01-04 23:13 -------- d-----w- c:\users\Marijn\AppData\Local\ESET
    2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\users\Marijn\AppData\Local\Colin_Vella
    2013-01-04 20:31 . 2013-01-04 20:31 -------- d-----w- c:\program files (x86)\tIDE
    2013-01-04 11:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8AEC997-BC4B-4D3F-8B8C-3F18B6D507C6}\mpengine.dll
    2012-12-30 19:17 . 2012-12-30 19:17 -------- d-----w- c:\users\Marijn\AppData\Local\Flash Builder
    2012-12-27 21:22 . 2012-12-27 21:22 -------- d-----w- c:\program files (x86)\Lame For Audacity
    2012-12-27 21:03 . 2012-12-27 22:36 -------- d-----w- c:\users\Marijn\AppData\Roaming\Audacity
    2012-12-27 21:02 . 2012-12-27 21:02 -------- d-----w- c:\program files (x86)\Audacity
    2012-12-26 21:54 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2012-12-26 21:54 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2012-12-26 21:54 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2012-12-26 21:54 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
    2012-12-26 21:54 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2012-12-26 21:53 . 2012-12-26 21:53 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2012-12-26 12:11 . 2012-12-26 12:11 -------- d-----w- c:\program files (x86)\Tiled
    2012-12-25 14:33 . 2012-12-25 14:33 -------- d-----w- c:\users\Marijn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
    2012-12-25 13:17 . 2012-12-25 13:17 -------- d-----w- c:\program files (x86)\SourceTec
    2012-12-25 12:45 . 2012-12-25 12:45 -------- d-----w- c:\users\Marijn\AppData\Local\Macromedia
    2012-12-25 12:45 . 2012-12-25 13:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 12:45 . 2012-12-25 13:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-25 12:30 . 2012-12-25 12:30 -------- d-----w- c:\users\Marijn\AppData\Local\Mozilla
    2012-12-25 12:29 . 2012-12-25 12:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-12-21 21:13 . 2012-12-21 21:13 -------- d-----w- c:\program files (x86)\WinSCP
    2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\windows\system32\Macromed
    2012-12-21 13:05 . 2012-12-21 13:05 -------- d-----w- c:\programdata\ALM
    2012-12-21 12:58 . 2012-12-21 12:58 -------- d-----w- c:\users\Marijn\Adobe Flash Builder 4.6
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-12-21 12:47 . 2011-11-03 02:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
    2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2012-12-21 12:47 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\program files (x86)\My Company Name
    2012-12-21 12:42 . 2012-12-27 20:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-12-21 12:39 . 2012-12-21 12:39 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-12-21 08:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 08:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 08:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 08:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 15:26 . 2013-01-04 20:30 -------- d-----w- c:\users\Marijn\AppData\Roaming\Apple Computer
    2012-12-16 15:26 . 2012-12-16 15:26 -------- d-----w- c:\users\Marijn\AppData\Local\Apple Computer
    2012-12-16 15:23 . 2012-12-16 15:24 -------- d-----w- c:\programdata\Apple
    2012-12-14 22:42 . 2012-12-21 13:13 -------- d-----w- c:\program files\Adobe
    2012-12-12 16:31 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-12-12 16:31 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-12-12 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 13:54 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 13:54 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-12 13:54 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-12-12 13:54 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 13:54 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 16:33 . 2012-11-04 16:36 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-11-24 18:24 . 2012-11-24 18:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-24 18:24 . 2012-11-24 18:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-11-24 18:24 . 2012-11-24 18:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-21 15:21 . 2012-10-27 22:13 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-11-15 20:58 . 2012-11-15 20:59 407047 ----a-w- c:\windows\SysWow64\mioengine.exe
    2012-11-04 19:15 . 2012-11-04 19:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe
    2012-11-04 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-11-04 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-10-28 21:39 . 2012-10-28 21:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-10-28 21:39 . 2012-10-28 21:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-10-28 21:39 . 2012-10-28 21:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-10-28 21:39 . 2012-10-28 21:39 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-10-28 21:39 . 2012-10-28 21:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-10-28 21:39 . 2012-10-28 21:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-10-28 21:39 . 2012-10-28 21:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-10-28 21:39 . 2012-10-28 21:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-10-28 21:39 . 2012-10-28 21:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-10-28 21:39 . 2012-10-28 21:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-10-28 21:39 . 2012-10-28 21:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-10-28 21:39 . 2012-10-28 21:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-10-28 21:39 . 2012-10-28 21:39 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-10-28 21:39 . 2012-10-28 21:39 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-10-28 21:39 . 2012-10-28 21:39 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-10-28 21:39 . 2012-10-28 21:39 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-10-28 21:39 . 2012-10-28 21:39 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-10-28 21:39 . 2012-10-28 21:39 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-10-28 21:39 . 2012-10-28 21:39 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-10-28 21:39 . 2012-10-28 21:39 149504 ----a-w- c:\windows\system32\occache.dll
    2012-10-28 21:39 . 2012-10-28 21:39 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-10-28 21:39 . 2012-10-28 21:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-10-28 21:39 . 2012-10-28 21:39 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-10-28 21:39 . 2012-10-28 21:39 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-10-28 21:39 . 2012-10-28 21:39 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-10-28 21:39 . 2012-10-28 21:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-10-28 21:39 . 2012-10-28 21:39 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-10-28 21:39 . 2012-10-28 21:39 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-10-28 21:39 . 2012-10-28 21:39 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-10-28 21:39 . 2012-10-28 21:39 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-10-28 21:39 . 2012-10-28 21:39 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-10-28 21:39 . 2012-10-28 21:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-10-28 21:39 . 2012-10-28 21:39 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-10-28 21:39 . 2012-10-28 21:39 448512 ----a-w- c:\windows\system32\html.iec
    2012-10-28 21:39 . 2012-10-28 21:39 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-10-28 21:39 . 2012-10-28 21:39 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-10-28 21:39 . 2012-10-28 21:39 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-10-28 21:39 . 2012-10-28 21:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-10-28 21:39 . 2012-10-28 21:39 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-10-28 21:39 . 2012-10-28 21:39 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-10-28 21:39 . 2012-10-28 21:39 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-10-28 21:39 . 2012-10-28 21:39 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-10-28 21:39 . 2012-10-28 21:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-10-28 21:39 . 2012-10-28 21:39 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-10-27 19:34 . 2012-10-27 19:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-10-27 19:34 . 2012-10-27 19:34 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-10-27 19:34 . 2012-10-27 19:34 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-10-27 19:34 . 2012-10-27 19:34 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-27 19:34 . 2012-10-27 19:34 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-27 19:34 . 2012-10-27 19:34 188904 ----a-w- c:\windows\system32\java.exe
    2012-10-16 08:38 . 2012-11-28 13:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 13:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 13:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-14 14:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-14 14:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-14 14:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-14 14:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-27 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-08 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "ThrustTSR"="c:\program files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 217088]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    .
    c:\users\Marijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-11-24 388576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
    R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2007-04-19 23040]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
    R3 SaiHFF04;SaiHFF04;c:\windows\system32\DRIVERS\SaiHFF04.sys [2007-05-01 171144]
    R3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\DRIVERS\SaiIFF04.sys [2007-05-01 20608]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-09-17 14544]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-20 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-20 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 192.168.2.254
    FF - ProfilePath - c:\users\Marijn\AppData\Roaming\Mozilla\Firefox\Profiles\x1o40a1o.default\
    FF - ExtSQL: 2012-12-21 13:52; [email protected]otcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Internet Explorer\IELowutil.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-01-06 23:35:31 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-01-06 22:35
    ComboFix2.txt 2013-01-05 18:11
    .
    Pre-Run: 538.469.359.616 bytes free
    Post-Run: 538.277.576.704 bytes free
    .
    - - End Of File - - 8BDBAD798897C4DC5E92505CBECFCBA8
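    An added example, not part of the thread and not ComboFix's own code: a small Python parser that pulls the autostart entries (Run values, BHOs, URL search hooks, start page, DHCP DNS server, scheduled-task jobs) out of ComboFix output like the log above and flags the entries that still point at the uTorrentBar toolbar and the Conduit start page. SAMPLE_LOG is excerpted from the log in this post; PUP_INDICATORS is a constructed list of two strings chosen because they appear in that log. The localized (Dutch) section headers do not matter, because only the entry lines are read.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_NL\prxtbuTor.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-27 3093624]
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2865317
TCP: DhcpNameServer = 192.168.2.254
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 17:59]
"""

# Constructed indicator list: substrings that identify the uTorrentBar toolbar
# and the Conduit start-page hijack it left behind in this log.
PUP_INDICATORS = ("utorrentbar", "conduit")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [yyyy-mm-dd size]  (the '= "' spacing varies between sections)
VALUE_RE = re.compile(r'^"([^"]*)"=\s*"([^"]*)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
# yyyy-mm-dd hh:mm size attrs path  (module file listed under a BHO key)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")
START_RE = re.compile(r"^([um]Start Page) = (.+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S.*\.job)$", re.IGNORECASE)
JOB_TARGET_RE = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


@dataclass
class Entry:
    kind: str      # run, bho, urlsearchhook, start_page, dns, task, other
    name: str      # value name, CLSID, or job file name
    path: str      # module path, target executable, URL or DNS server
    location: str  # registry key, job file, or section the entry came from


def _kind_for_key(key: str) -> str:
    k = key.lower()
    if "urlsearchhooks" in k:
        return "urlsearchhook"
    if "browser helper objects" in k:
        return "bho"
    if k.endswith("\\run"):
        return "run"
    return "other"


def parse_combofix(text: str) -> list[Entry]:
    """Walk the log line by line; lines the parser does not model are ignored."""
    entries: list[Entry] = []
    current_key = None
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := VALUE_RE.match(line)) and current_key:
            entries.append(Entry(_kind_for_key(current_key), m.group(1), m.group(2), current_key))
        elif (m := FILE_RE.match(line)) and current_key:
            # BHO keys list the module on its own line; name the entry after the key's CLSID
            clsid = current_key.rsplit("\\", 1)[-1]
            entries.append(Entry(_kind_for_key(current_key), clsid, m.group(1), current_key))
        elif m := START_RE.match(line):
            # ComboFix writes http as hxxp so the URL in the log is not clickable
            entries.append(Entry("start_page", m.group(1), m.group(2), "Internet Explorer"))
        elif m := DNS_RE.match(line):
            entries.append(Entry("dns", "DhcpNameServer", m.group(1), "TCP/IP"))
        elif m := JOB_RE.match(line):
            pending_job = m.group(1)          # target executable follows on the next line
        elif (m := JOB_TARGET_RE.match(line)) and pending_job:
            entries.append(Entry("task", pending_job.rsplit("\\", 1)[-1], m.group(1), pending_job))
            pending_job = None
    return entries


def flag_entries(entries, indicators=PUP_INDICATORS):
    """Return entries whose path or URL contains one of the indicator strings."""
    return [e for e in entries if any(i in e.path.lower() for i in indicators)]


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:13} {e.name:45} {e.path}")
    print("\nflagged:")
    for e in flag_entries(found):
        print(f"  {e.kind}: {e.path}")
```

    On the excerpt above the parser yields seven entries and flags three of them (the URLSearchHook, the BHO and the uStart Page), which is a quick way to confirm that the toolbar and search-hijack leftovers are still present after the AutoKMS cleanup, even though neither scanner reported them. Point it at a full log by reading the file instead of SAMPLE_LOG; ComboFix writes the log as plain text.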
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Are you still getting any virus alerts or warnings now?
    It all looks clear from the logs.
     
  11. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    Thank you so much for all your help! Yesterday I did a quick scan with Malwarebytes and nothing was found. Today I'll do a full scan with Malwarebytes and with my virus scanner, and I'll post if it's all clean.
     
  12. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    When the Malwarebytes scan was done it reported another trojan (Trojan.Swrort), as you can see in the log below. I used Malwarebytes to clean it up and did a new scan when it was done. When that scan was done it said that no files were detected. My virus scanner didn't report anything either. Is my PC clean now?

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.06.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Marijn :: MARIJN-MEDION [administrator]

    Protection: Enabled

    7-1-2013 0:22:21
    mbam-log-2013-01-07 (00-22-21).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 541270
    Time elapsed: 1 hour(s), 19 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\dev\progs\Apache\bin\ab.exe (Trojan.Swrort) -> Quarantined and deleted successfully.

    (end)
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    That MBAM detection was almost certainly a false alarm; it is a genuine file in that location, albeit not one usually needed or run by a user.


    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date and vulnerable common applications on your computer, and update whatever it suggests. Download and use the PSI version (not the OSI, the in-browser Java version), as I no longer recommend having Java installed on the computer at all unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back and tell us.
     
  14. XmarinusX

    XmarinusX Thread Starter

    Joined:
    Jan 4, 2013
    Messages:
    10
    I did everything you said above. But the other programs (HijackThis, dds, GMER and MAGDiag): can I just delete them from my desktop, or do I have to use another way to remove them?
    Thanks again for all your help!!
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Just delete
    dds, GMER and MAGDiag.
    HijackThis should have an entry in Programs and Features (uninstall programs).
     
Short URL to this thread: https://techguy.org/1083829