
Too many processes and too much physical memory being used

Discussion in 'Virus & Other Malware Removal' started by konsowa, Jul 20, 2013.

  1. konsowa

    konsowa Thread Starter

    Hello, lately my computer seems to be getting slower, with over 100 processes on avg and about 90% of the memory being used. How can I solve this problem? Is this PC infected?


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 3:06:29 AM, on 7/21/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16470)

    FIREFOX: 22.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Razer\Razer Game Booster\gbtray.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Konsowa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Konsowa\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
    O2 - BHO: Alnaddy.com Helper Object - {55928DD2-8878-4275-AAB3-B3A09A67A1EB} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\bh\alnaddyToolbar.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    O3 - Toolbar: Alnaddy.com Toolbar - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Konsowa\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762}: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
    O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
    O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\users\konsowa\desktop\newfol~1\bin\detour.dll c:\progra~2\browse~2\sprote~1.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mobinil USB Modem. OUC (Mobinil USB Modem. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - MySQL AB - C:\xampplite\mysql\bin\mysqld.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

    --
    End of file - 15509 bytes
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  3. konsowa

    konsowa Thread Starter

    # AdwCleaner v2.306 - Logfile created 07/21/2013 at 16:05:08
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Konsowa - KONSOWAZ-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Konsowa\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\user.js
    File Found : C:\Users\Konsowa\AppData\Local\funmoods-speeddial_sf.crx
    File Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
    Folder Found : C:\Program Files (x86)\BrowserCompanion
    Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
    Folder Found : C:\Program Files (x86)\Funmoods
    Folder Found : C:\ProgramData\~0
    Folder Found : C:\ProgramData\APN
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\BrouwsEe2save
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Konsowa\AppData\Local\APN
    Folder Found : C:\Users\Konsowa\AppData\Local\Babylon
    Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Found : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\Konsowa\AppData\Local\PackageAware
    Folder Found : C:\Users\Konsowa\AppData\LocalLow\bbrs_002.tb
    Folder Found : C:\Users\Konsowa\AppData\Roaming\Babylon
    Folder Found : C:\Users\Konsowa\AppData\Roaming\dvdvideosoftiehelpers
    Folder Found : C:\Users\Konsowa\AppData\Roaming\Funmoods
    Folder Found : C:\Users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
    Folder Found : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\extensions\[email protected]
    Folder Found : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\jetpack

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~2\sprote~1.dll
    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\SProtector
    Key Found : HKCU\Software\Blabbers
    Key Found : HKCU\Software\BrowserCompanion
    Key Found : HKCU\Software\Funmoods
    Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\BrowserCompanion
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
    Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
    Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
    Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
    Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
    Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\SProtector
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKU\S-1-5-21-3920387077-942025914-700066375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\r16l93jp.default\prefs.js

    Found : user_pref("aol_toolbar.default.homepage.check", false);
    Found : user_pref("aol_toolbar.default.search.check", false);
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("extensions.515f183f72d12.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]
    Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "a8a9fa2c000000000000002586e8aa62");
    Found : user_pref("extensions.BabylonToolbar_i.id", "a8a9fa2c000000000000002586e8aa62");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15450");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:33:11");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("[email protected]", true);
    Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Found : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.1] : urls_to_restore_on_startup = [...]
true},"lplmcpcnhpbffpcfiaddbeaplhhbengd":{"blacklist":true},"maakimnachffhlgdhfomaejeeaikgjap":{"blacklist":true},"mafccdbbhekjhemajjejkaidndokeena":{"blacklist":true},"magllcifjcllaafcdplnajmobccbcdlo":{"blacklist":true},"mamfageekafifnickhgkibkofcclfefe":{"blacklist":true},"mandondadnlimicalgkbkaohmeopdojj":{"blacklist":true},"mbifidpgmfiielflaipknojhpfcljmgo":{"blacklist":true},"mbmdaiddhfoljplpdhohimgieioblfif":{"blacklist":true},"mcbkimglepddodbiongpohpeidioafgk":{"blacklist":true},"mcknnlhkkdbcppajgefagceglahcafjd":{"blacklist":true},"mdiehnlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":true},"mdngbiejioalifclonjepjjfppmbgned":{"blacklist":true},"megkcfpbmemnpkgadkoompnoajcolpni":{"blacklist":true},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13009649069582994","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://www.google.com/cloudprint"},"urls":["hxxps://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\26.0.1410.43\\resources\\cloud_print","was_installed_by_default":false},"mfffdpnblflpobcnekhekiahepofaane":{"blacklist":true},"mfgkkephjfnkggbmahehnjhdcmkioaff":{"blacklist":true},"mfhfkclojmdocagbmecgcnlofppebebd":{"blacklist":true},"mfncimdpmknolnnnccdmkpnpkaofonkc":{"blacklist":true},"mfooalpniplhaaealemjpchkchmmgdko":{"blacklist":true},"mgdgiplcofghdmpekdeeceolepakodcb":{"blacklist":true},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"app_launcher_ordinal":"t","creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13009649069583994","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\26.0.1410.43\\resources\\chrome_app","was_installed_by_default":false},"mhbffdldpckobeihgebaamjalehefnia":{"blacklist":true},"mhldlgmggplfkkjgpgjjpebflplpgekg":{"blacklist":true},"mickhiflmjglhpdpfigpkpjiipfdlphj":{"blacklist":true},"mikpklndmiopinkkmalgoophegfnmmfh":{"blacklist":true},"mjalegijammcloleihdmooifidcjggjp":{"blacklist":true},"mjgobkikdipfikmaoakdcdbicpioljgg":{"blacklist":true},"mjhlngjakabhonjagnlimeicooahajpl":{"blacklist":true},"mjolnadmlahbpepjaemohnkhpjkbhmef":{"blacklist":true},"mknjbohhleiicbpagpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true},"mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true},"mlnndjkcclbekgoebkenkdgiggaomaed":{"blacklist":true},"mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true},"mndoohjdoechinpkfbkolflbonciahfo":{"blacklist":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true},"mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjpopp":{"blacklist":true},"mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true},"mokdlfbphidpiopnlfejpcmadcbomckn":{"blacklist":true},"mpcglemopeoeapmagdbeenepkdbajape":{"blacklist":true},"mpgehpkneknbopplhmmkfijfiniddipf":{"blacklist":true},"mplhbhmkccidaokcelbcbcmhhedebcng":{"blacklist":true},"mplpabdbfbloeiboikmdbnggfnjbjmlh":{"blacklist":true},"naopgnjebjeeedbbhcadkhkmeefmloho":{"blacklist":true},"nbfcehkihbmpebblmfkihadebllgfmgl":{"blacklist":true},"nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true},"nckmikohoilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpdanjmicnihdlijomcggnnekloephc":{"blacklist":true},"ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true},"ndibdjnfmopecpmkdieinmbadjfpblof":{"ack_external":true,"active_permissions":{"api":["cookies","management","plugin","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"exp
licit_host":["\u003call_urls\u003e","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*"],"scriptable_host":["\u003call_urls\u003e","hxxp://toolbar.avg.com/*"]},"creation_flags":1,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":false,"install_time":"13013903997317165","lastpingday":"13013938795008299","location":3,"manifest":{"background":{"page":"content/background.html"},"browser_action":{"default_icon":"content/icons/logoAVG.png","default_title":"AVG Do Not Track"},"content_scripts":[{"all_frames":false,"js":["content/js/content.js"],"matches":["\u003call_urls\u003e"],"run_at":"document_end"},{"js":["content/js/ntinject.js"],"matches":["hxxp://toolbar.avg.com/*"]}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","current_locale":"en_US","default_locale":"en","description":"AVG Security Toolbar","icons":{"128":"content/icons/128-AVG-logo.png","16":"content/icons/16-AVG-logo.png","48":"content/icons/48-AVG-logo.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","manifest_version":2,"name":"AVG Security 
Toolbar","options_page":"content/options.html","permissions":["\u003call_urls\u003e","tabs","webNavigation","unlimitedStorage","cookies","management","plugin","webRequest","webRequestBlocking","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"15.2.0.5"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\15.2.0.5_0","state":0,"was_installed_by_default":false},"ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true},"nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist":true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blacklist":true},"nhbfbnmmdjkjahhfdeklgphihfodfgnb":{"blacklist":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"blacklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{"blacklist":true},"nhooocacdhkpbmoocdclodjlddcebfoe":{"blacklist":true},"niapdbllcanepiiimjjndipklodoedlc":{"ack_external":true,"ack_prompt_count":1,"active_permissions":{"api":["tabs"],"explicit_host":["\u003call_urls\u003e"],"scriptable_host":["\u003call_urls\u003e"]},"creation_flags":1,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":false,"install_time":"13009658159218652","location":3,"manifest":{"background":{"page":"background.html"},"content_scripts":[{"js":["yl.js"],"matches":["\u003call_urls\u003e"],"run_at":"document_end"}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","description":"Add Yontoo to your web 
experience.","icons":{"48":"y2_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1QuP3Oh7W1BChzJrLJZHGegsCjf+XRykCTm+Dqae3hVTCoz9gkXVN91kDQLmjEjGUZaR74SQsbgV8wI/QhGdcb1m2tw5rAXIcgS8KbanF0a3mDJjlVooxBOkfI0Ae2kQDIwAaTwkKLZjZ+YL6MQUQlsN3KkAW4PRQkmE/+biX6wIDAQAB","manifest_version":2,"name":"Yontoo","permissions":["tabs","\u003call_urls\u003e"],"update_url":"hxxps://download.yontoo.com/chrome-update.xml","version":"1.0.3"},"path":"niapdbllcanepiiimjjndipklodoedlc\\1.0.3_1","state":1,"was_installed_by_default":false},"nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true},"nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true},"nifbebeekindefklojhchehidpikbjfc":{"blacklist":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true},"nikpibnbobmbdbheedjfogjlikpgpnhp":{"ack_external":true,"active_permissions":{"api":["background","contextMenus","plugin","tabs"],"explicit_host":["hxxp://*.youtube.com/*","hxxps://*.youtube.com/*"],"scriptable_host":["hxxp://*.youtube.com/*","hxxps://*.youtube.com/*"]},"creation_flags":1,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":false,"install_time":"13009649074346237","lastpingday":"13013938795008299","location":3,"manifest":{"background":{"page":"background.html"},"content_scripts":[{"css":["dvs_freeyoutubedownload.css"],"js":["dvs_freeyoutubedownload.js"],"matches":["hxxp://*.youtube.com/*","hxxps://*.youtube.com/*"],"run_at":"document_end"}],"content_security_policy":"script-src 'self' hxxps://ssl.google-analytics.com; object-src 'self'","current_locale":"en_US","default_locale":"en","description":"Run DVDVideoSoft Free YouTube 
Download","icons":{"128":"dvs_logo_128.png","16":"dvs_logo.ico","32":"dvs_logo_32.png","48":"dvs_logo_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaCWFizilBLd9sYTblYhFnaowEtfxkyIRw5PA8K1HhC0IFf5qzC/uzCcFX5SJJV9DtPPBnpdyiOwFhFeBysVN2OB/CfBGxHqeUUpxcBU8fZvYsg30+VK1KOHfycyARvdk9P6AgNvHT2YmgJza0IZBUR1U7idBjBFwNe+AhEHCe5QIDAQAB","manifest_version":2,"name":"DVDVideoSoft Browser Extension","permissions":["tabs","hxxp://*.youtube.com/*","hxxps://*.youtube.com/*","contextMenus","background"],"plugins":[{"path":"np_dvs_plugin.dll"}],"version":"1.0.1.1","web_accessible_resources":["images/YoutubeToMp3.png","images/YoutubeDownloader.png","images/backbar.png","images/download.png","images/headphone.png","fs.png","dvs_freeyoutubedownload.css","dvs_freeyoutubedownload.js","logo.png","errorRunProgramm.html"]},"path":"nikpibnbobmbdbheedjfogjlikpgpnhp\\1.0.1.1_0","state":0,"was_installed_by_default":false},"nlefocohkhlgmjdhgkjgdodobmffjbod":{"blacklist":true},"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nloaaepkhcnmoakooihnefhhggbmemed":{"blacklist":true},"nmgpbidjnaebdlbdbpjggenmbaolmfoi":{"blacklist":true},"nmmnodocfckpoddcgihiihcdinaonckb":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"npadaghbcdejfngcjpbnoikajdnongca":{"blacklist":true},"npfpmgjnfcklmaipcffpjhapedmpjggj":{"blacklist":true},"npolaghondefgiomhkbiiompikfjneep":{"blacklist":true},"oafccdmmjdpialdmgenjfhijoondgncj":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true},"obfnipbbnnhkbafmdbbfpgfgbjmmkgpm":{"blacklist":true},"obgljnmbldahelaakfdbjkplokjoneip":{"blacklist":true},"obhplmafmpmelgapjjbfhcdkicnhakhf":{"blacklist":true},"oblicopoaionpjoapgjmmoncjadpdioh":{"blacklist":true},"ochmdkhojipfibbplgpeeggeimnagcfd":{"blacklist":true},"ocmhjn
hildbnglmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"odeckaficnaplobiiaomegfbokokehhb":{"blacklist":true},"odefpckfdnfkeandbeccopcpncnbkonn":{"blacklist":true},"odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true},"oebmjchahlpmalnjpeagiibojcbfmema":{"blacklist":true},"oelhhkgiajkjfbccafjgggcpkbkjgpij":{"blacklist":true},"oghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true},"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist":true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true},"oilfokmpgejhjhecdjjpikloibggpenf":{"blacklist":true},"oimplfccampifgkgndlamabnkcibkngc":{"blacklist":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"blacklist":true},"ojmdhklabgbnnkkilmkcfcemdhognifc":{"blacklist":true},"omceiakkomngangmllpgbjcoeloglald":{"blacklist":true},"omnicnmbagoinlpamknknbcgopadcoci":{"blacklist":true},"oncmkbmjpjlihkpbohlpmjghiiogmoie":{"blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkbl":{"blacklist":true},"onjaecbdddgibdijafoemfiachlbcgkj":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnclfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true},"oomelpjfeldbopnleifpjibbpekflhlg":{"blacklist":true},"opnnngnphijodjhemhdafpnnpdjggofe":{"blacklist":true},"pajgiddgjidlcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmppmccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"pbipaboekjdfhkfifpkofbfnpbnlolji":{"blacklist":true},"pcaedgdgamlfffkfblocmakhgieggoak":{"blacklist":true},"pcojpoljjgnicbhaffkiphphplijgbcc":{"blacklist":true},"pdhjoamffhjhlkiiminjhmihalkfjaee":{"blacklist":true},"peahabnpipmmfiajjjhgfggbeigbmbgp":{"blacklist":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"blacklist":true},"pfaooklcbjnkgconjjepimkohgcjmdji":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfckhplmfbblecglndaigpojefidapai":{"blacklist":true},"pfgmgcnb
ngcnhjddppmnloflcidemopc":{"blacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip":{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pgelifedkjaohmjehecojkfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjibaaohcmehfohacckf":{"blacklist":true},"pgldfhecfiofkhnbgcncepnkjkeoahlk":{"blacklist":true},"pgmfkblbflahhponhjmkcnpjinenhlnc":{"blacklist":true},"pgmpnhbchhaningbkefchpdalnimjijd":{"blacklist":true},"phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true},"pihcfdffalbcnmbghijdfcaanagapelf":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist":true},"pjkljhegncpnkpknbcohdijeoejaedia":{"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"n","creation_flags":9,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"]},"install_time":"13010341664982883","lastpingday":"13013938795008299","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less 
spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1,"was_installed_by_default":false},"pjloefkigphblpjminnlpbhjchjafcfc":{"blacklist":true},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkgagehkkoajkpgnmjegibihpalfdk":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"pkcbihpffghlanbclfmkegjmbijcpobj":{"blacklist":true},"pkdlpbfmpolnhligegklimbccminkioc":{"blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefbk":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pmbjemmaclljifpmnlagkcgpbcipdldb":{"blacklist":true},"pnaaalnkbgjaphhmahecamecmaldknkc":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pndadpldhngimdmhnajebjldbmcbpjol":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"pobponmhkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true},"kikeacjcceacohckgiajooneiabebfjj":{"blacklist":false},"glmfgahfleepmdfffonfckpmkondpdkg":{"active_permissions":{"api":["bookmarks","history","management","storage","tabs","topSites","unlimitedStorage"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/**"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["bookmarks","history","management","storage","tabs","topSites","unlimitedStorage"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/**"]},"has_declarative
_rules":false,"initial_keybindings_set":true,"install_time":"13016195577473212","location":1,"manifest":{"manifest_version":2,"name":"Secure Speed Dial","version":"1.2.1","default_locale":"en","description":"The Ultimate Browser Speed Dial","homepage_url":"hxxp://www.websecuritykeeper.com/","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSW64gaanxBlwcYY68qbEkowyqVLEoSkb5SZMGVjLjYa6ox6mZnTj+PK12wukfZjlh1EFaEXuHSIttd3dg4eirZkBm2TukNr0gRswZKaA7LllgAAspbOKRuqM8hi7NkMoUBFmj4EvNOwrttkp1jEGsugD9mGUwvvUnSa4/E0z0ywIDAQAB","update_url":"hxxps://www.instair.net/extensions/instair_speeddial_chrome_update.xml","icons":{"16":"icon16.png","48":"icon48.png","128":"icon128.png"},"permissions":["webRequest","webRequestBlocking","tabs","hxxp://*/*","hxxps://*/*","chrome://favicon/","management","history","bookmarks","topSites","unlimitedStorage","storage"],"content_scripts":[{"run_at":"document_end","all_frames":false,"matches":["hxxp://www.google.com/cse?cx=014769746791310710274%3Aipbpdhvpzmc*"],"js":["js/content_append.js"]}],"web_accessible_resources":["cache/*"],"background":{"page":"background.html"},"chrome_url_overrides":{"newtab":"index.html"}},"path":"glmfgahfleepmdfffonfckpmkondpdkg\\1.2.1_0","state":1,"was_installed_by_default":false}},"sideload_wipeout_bubble_shown":3,"sideload_wipeout_done":true,"ui":{"developer_mode":true}},"google":{"services":{"last_username":"[email protected]","signin":{"CLIENT_LOGIN_STATUS":{"time":"Saturday, April 13, 2013 5:47:05 PM","value":"Successful"},"GET_USER_INFO_STATUS":{"time":"Saturday, April 13, 2013 5:47:06 PM","value":"Successful"},"LSID":"DQAAANEAAADD8lWa1IwzkLZcO2ku6EuYLJAD-S6Yv1plRapn2ydLW_pvuNeyzGTo2Q29sRKbGVdpHPTQyokYGB8YedhEReftnNiEsQVYoooR0cizvS1nVDy_r7veeHcufNfoj88oqCGIZjxfUGSjYzQDF28PPmLC9LySYwC4S7Wio-s3Akngxhwel0CIC3QvI4xrONvdzAmyDcjhzCUaYD6IKjKN6LJIWnnM_alZ5F9FXGULh44UDnb3E7YGXe4lHWhbo2eO2Zf4m_DkQ3g_YWwLq4q6bPog8SH6uRnHdP4kcS6xvQtzgQ","OAUTH_LOGIN_STATUS":{"time":"Saturday, April 13, 2013 5:47:05 
PM","value":"Successful"},"SID":"DQAAANAAAADGCGZqvAC4FlSPkfVyeqfa_5OT104AsJmAsg_Nuos_TIGE4sfZ5OPQpWQl_WR23dfkU0vkzI-L2MtGyWUU-OhvIl-bLXkGY9Bhq90Qsaqypds8vAIZUkgsSVGHkJaw3pnVQKSawPTAz7U6ynGejHXRomClLvQe45oGfVcLy7Acl9mWTIFYcRfthLvryfWNqP9B8X0-pFffnY0pz8deuMe6xT1CG7kpixUd2PXoYuTkF2AiC-nyVTNFCT8U0w7t46Bu6yY7SLaTJ3voawEnvawh","SIGNIN_TYPE":{"time":"Saturday, April 13, 2013 5:47:02 PM","value":"Signin with credentials"},"USERNAME":"[email protected]","tokens":{"chromiumsync":{"status":"Successful","time":"Saturday, April 13, 2013 5:47:06 PM","value":"DQAAANMAAAARvpaSPiO0tiyWgqVx0Bj3gRMS2H4bua1IiAQR3z6Fj0c44IPpzWDE57DYeIOszIdk-Wf3302u5M9y5asjrMc6VB_LUeH7zLEjHzuOxeDTQbvy5pRY9DxqziglOS-zO7kq3ELz1Vg4oc6THErxRUVBywcFxpwDueoGlKtRK1B2rcHd_Z0jdmRKcosIKnwdgL19xZewE2Lh-copYdaz8YlAM0wLSBzW0JdTnQGpMqBl7K2SSMPkuZPTJT4go6wgi5pDsEFqJL5eqOhw_7i9xPPjpA7LHN-IboxxVpxgnndung"},"lso":{"status":"Successful","time":"Saturday, April 13, 2013 5:47:06 PM","value":"DQAAANMAAAARvpaSPiO0tiyWgqVx0Bj38FBxBEMwUQwCxj9BjE222gPJ1g_QzTJNw27dIo6aWGf5Qkteu6PwvMb-d_0K3cmF8wGvOH_nTTcbcKGiKIGnxzCDoeIijpp04Kbj8ZYSzYug44DUkpR19gJ5CWy4ctm--4r-aXgehh6LhymsF9tx6zQIKRCHtpMlr-Nacq7q1HwH9W_NOEXrH-ERLtSHo3PE7z6OF1_uYlttMwLmAeR4Cm1jQryvJI2puq4vOP7mLrHd98jaWe5rtvnxoyoUcR9Zku-6dopiUNFQkUmBbUt-ew\n"},"mobilesync":{"status":"Successful","time":"Saturday, April 13, 2013 5:47:06 PM","value":"DQAAANIAAAARvpaSPiO0tiyWgqVx0Bj38FBxBEMwUQwCxj9BjE222gPJ1g_QzTJNw27dIo6aWGfN6qiCLw29VsONMs453FhUD3aYbLBFBYq0HmwzYtG8S6D4MwAPu-GNaa3ZENFMapQgnLhd3P4VPP7XfRMJgieXu-6Olm4GHKkZgY0PcjEEksGyd8w2rPwa29rA2b86qnTtSmMbI6HmXgk2qaXTe-4bh1rYiHEz6GbCVjCV0XCjBOEVoQRddLYc2jIzsQXCIQxHVQ8pP15P0nIvf67eF2-QXHkEFMqv6ptSQ01OxtQsyQ\n"},"oauth2LoginAccessToken":{"status":"Successful","time":"Saturday, April 13, 2013 5:47:06 PM","value":"ya29.AHES6ZRkZv92OmnyYKKW0I83Snp0unfIQ1BsipkpN2Ie89Y"},"oauth2LoginRefreshToken":{"status":"Successful","time":"Saturday, April 13, 2013 5:47:06 PM","value":"1/yE1DQkm5rHIxhfzRcx91zveLvsQhgbQcIrPs1hAWi-Y"}}},"username":"[email 
protected]"}},"homepage":"hxxp://www.google.com","homepage_changed":true,"homepage_is_newtabpage":false,"instant":{"confirm_dialog_shown":true,"enabled":true},"invalidator":{"client_id":"5VpFKKvRJbHjJxG+rJUavA==","invalidation_state":"CicKJQoGCgQIAxABEhIJ86VqNxBGMrURNUeJSsJvvJUaBwiBDBADGAESFDqX3pB0/hYDjiLBgeSVeM5kT6La","max_invalidation_versions":[{"max-version":"1365868069748000","name":"APP","payload":"W:ChfCt4645KQQLxpcmvIpmrzK088wLQh8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1369054630837000","name":"AUTOFILL","payload":"W:ChfCt4645KQQLxpWhkIZOxVDR6pOC4R9AhDMoIfayberwIYB","source":"1004"},{"max-version":"1365868457105000","name":"BOOKMARK","payload":"W:ChfCt4645KQQLxpWhkIZOxVDR0D1OAh8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1365868063250000","name":"DEVICE_INFO","payload":"W:ChfCt4645KQQLxpWhkIZOxVDR2j6LAh8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1348807383789000","name":"EXTENSION","payload":"W:ChfCt4645KQQLxpcmvIpmrzK0+1gYhZ0AhC365T2jI3dgmA=","source":"1004"},{"max-version":"1365174796018000","name":"NIGORI","payload":"W:ChfCt4645KQQLxpcmvIpmrzK07EliLV7AhC365T2jI3dgmA=","source":"1004"},{"max-version":"1366657572201000","name":"PASSWORD","payload":"W:ChfCt4645KQQLxpcmvIpmrzK0+PeSmZ8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1365948772747000","name":"PREFERENCE","payload":"W:ChfCt4645KQQLxpcmvIpmrzK01cKzBF8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1366132961078000","name":"SEARCH_ENGINE","payload":"W:ChfCt4645KQQLxpcmvIpmrzK06kAwSd8AhDMoIfayberwIYB","source":"1004"},{"max-version":"1369475730447000","name":"SESSION","payload":"W:ChfCt4645KQQLxpWhkIZOxVDR95BPrZ9AhD1+Zujlsa4wJ8B","source":"1004"},{"max-version":"1369475308679000","name":"TYPED_URL","payload":"W:ChfCt4645KQQLxpcmvIpmrzK04dhMbZ9AhD1+Zujlsa4wJ8B","source":"1004"}]},"net":{"hxxp_server_properties":{"servers":{"accounts.google.com.eg:443":{"settings":{"4":100},"supports_spdy":true},"accounts.google.com:443":{"settings":{"4":100},"supports_spdy":true},"acco
unts.youtube.com:443":{"settings":{"4":100},"supports_spdy":true},"ad-emea.doubleclick.net:443":{"supports_spdy":true},"ajax.googleapis.com:443":{"settings":{"4":100,"5":16,"6":21},"supports_spdy":true},"apis.google.com:443":{"settings":{"4":100,"5":16,"6":11},"supports_spdy":true},"badge.facebook.com:443":{"supports_spdy":true},"chatenabled.mail.google.com:443":{"settings":{"4":10},"supports_spdy":true},"clients1.google.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"clients2.google.com:443":{"settings":{"4":100,"5":16,"6":9},"supports_spdy":true},"clients4.google.com:443":{"settings":{"4":100},"supports_spdy":true},"csi.gstatic.com:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"docs.google.com:443":{"supports_spdy":true},"drive.google.com:443":{"supports_spdy":true},"encrypted-tbn0.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"encrypted-tbn1.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"encrypted-tbn2.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"fonts.googleapis.com:443":{"supports_spdy":true},"gmail.com:443":{"settings":{"4":10},"supports_spdy":true},"googleads.g.doubleclick.net:443":{"settings":{"4":100,"5":16,"6":0},"supports_spdy":true},"gp4.googleusercontent.com:443":{"supports_spdy":true},"gp5.googleusercontent.com:443":{"supports_spdy":true},"gp6.googleusercontent.com:443":{"supports_spdy":true},"html5shiv.googlecode.com:443":{"supports_spdy":true},"i1.ytimg.com:443":{"supports_spdy":true},"i2.ytimg.com:443":{"supports_spdy":true},"i4.ytimg.com:443":{"supports_spdy":true},"id.google.com.eg:443":{"settings":{"4":100},"supports_spdy":true},"lh3.googleusercontent.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"lh4.googleusercontent.com:443":{"supports_spdy":true},"lh5.googleusercontent.com:443":{"supports_spdy":true},"lh6.googleusercontent.com:443":{"settings":{"4":100,"5":2,"6":26},"supports_spdy":true},"linkhelp.client
s.google.com:443":{"supports_spdy":true},"mail-attachment.googleusercontent.com:443":{"settings":{"4":10},"supports_spdy":true},"mail.google.com:443":{"settings":{"4":10},"supports_spdy":true},"news.google.com:443":{"supports_spdy":true},"p5-2pbuv3pypzyc2-iksbfdr4c3jrgryf-857219-i2-v6exp3-ds.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-2pbuv3pypzyc2-iksbfdr4c3jrgryf-857219-s1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-2prctz7e5to6k-hsgv24ru2zbqe74z-341828-i1-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-2prctz7e5to6k-hsgv24ru2zbqe74z-341828-i2-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-2prctz7e5to6k-hsgv24ru2zbqe74z-341828-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-4slodnnr25lb6-cmey5kuc75x4y7kn-783390-i2-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-5lieakwdzw42o-yf5gygvvexe5awhk-453922-i1-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-5lieakwdzw42o-yf5gygvvexe5awhk-453922-i2-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-5lieakwdzw42o-yf5gygvvexe5awhk-453922-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-acpikpbjm5xdc-7las2bxotgwvs5g4-688513-i1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-acpikpbjm5xdc-7las2bxotgwvs5g4-688513-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-acpikpbjm5xdc-7las2bxotgwvs5g4-688513-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-djlc4u4kgldv2-qowopwlzo4hxti2h-883273-i1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-djlc4u4kgldv2-qowopwlzo4hxti2h-883273-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-djlc4u4kgldv2-qowopwlzo4hxti2h-883273-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-djucxjhtcz3x6-moug3mwxs76yh6rk-494361-i1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-dju
cxjhtcz3x6-moug3mwxs76yh6rk-494361-i2-v6exp3-ds.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-djucxjhtcz3x6-moug3mwxs76yh6rk-494361-s1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-dmcthqurkhcg4-salozt4msojxwe2m-579780-i2-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"p5-dvtpceywwaswe-jfn2spq2utaaor5b-353204-i2-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-dvtpceywwaswe-jfn2spq2utaaor5b-353204-s1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-eetefdxv4lrio-44y5rmszrg4svzo3-537814-i2-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-eetefdxv4lrio-44y5rmszrg4svzo3-537814-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-iflsyctyrviuw-nminsfanhv2jny2j-359791-i1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-iflsyctyrviuw-nminsfanhv2jny2j-359791-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-ju3h3fll4bki4-y3tooki4f57zbrau-255993-i1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-ju3h3fll4bki4-y3tooki4f57zbrau-255993-i2-v6exp3-ds.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-kdhgjtrk7p4ke-u5i3ulhbhh3dk3bu-647089-i1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-kdhgjtrk7p4ke-u5i3ulhbhh3dk3bu-647089-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-l6fu4ushmuy4e-yjfkchafdw33ys43-826999-i1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-l6fu4ushmuy4e-yjfkchafdw33ys43-826999-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-l6fu4ushmuy4e-yjfkchafdw33ys43-826999-s1-v6exp3-v4.metric.gstatic.com:443":{"supports_spdy":true},"p5-m36sedunxolqi-4iow3rjv3pt4nx3f-463735-i2-v6exp3-ds.metric.gstatic.com:443":{"supports_spdy":true},"p5-m36sedunxolqi-4iow3rjv3pt4nx3f-463735-s1-v6exp3-v4.metric.gstatic.com:443":{"suppor

    *************************

    AdwCleaner[R1].txt - [90934 octets] - [21/07/2013 16:05:08]

    ########## EOF - C:\AdwCleaner[R1].txt - [90995 octets] ##########
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,877
    OK, next step.

    Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    Tell us if you are still having any problems after this.
     
  5. konsowa

    konsowa Thread Starter

    Joined:
    Jul 20, 2013
    Messages:
    10
    # AdwCleaner v2.306 - Logfile created 07/21/2013 at 16:32:07
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Konsowa - KONSOWAZ-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Konsowa\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\user.js
    File Deleted : C:\Users\Konsowa\AppData\Local\funmoods-speeddial_sf.crx
    File Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
    Folder Deleted : C:\Program Files (x86)\BrowserCompanion
    Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
    Folder Deleted : C:\Program Files (x86)\Funmoods
    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\BrouwsEe2save
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Konsowa\AppData\Local\APN
    Folder Deleted : C:\Users\Konsowa\AppData\Local\Babylon
    Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Konsowa\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Konsowa\AppData\LocalLow\bbrs_002.tb
    Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Konsowa\AppData\Roaming\dvdvideosoftiehelpers
    Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Funmoods
    Folder Deleted : C:\Users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~2\sprote~1.dll
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\Blabbers
    Key Deleted : HKCU\Software\BrowserCompanion
    Key Deleted : HKCU\Software\Funmoods
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserCompanion
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
    Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
    Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
    Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Konsowa\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"session":{["hxxp://www.google.com","hxxp://searchfunmoods.c[...]

    *************************

    AdwCleaner[R1].txt - [91013 octets] - [21/07/2013 16:05:08]
    AdwCleaner[S1].txt - [12347 octets] - [21/07/2013 16:32:07]

    ########## EOF - C:\AdwCleaner[S1].txt - [12408 octets] ##########

    Thanks, I'll report if I have any more problems :D
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,877
    Let us know how it is; there might still be other problems.
     
  7. konsowa

    konsowa Thread Starter

    Joined:
    Jul 20, 2013
    Messages:
    10
    So after a few days I noticed that things are much better, but the RAM usage keeps increasing with time even though there are fewer processes now, and when I restart the PC everything goes back to normal.
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,877
    OK, next step please.

    Follow the advice here and post the logs those programs make.
     
  9. konsowa

    konsowa Thread Starter

    Joined:
    Jul 20, 2013
    Messages:
    10
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:20:05 PM, on 7/25/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    Boot mode: Normal

    Running processes:
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Skype\Phone\skype.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Users\Konsowa\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O3 - Toolbar: Alnaddy.com Toolbar - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762}: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\users\konsowa\desktop\newfol~1\bin\detour.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
    O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

    --
    End of file - 12078 bytes
     
  10. konsowa

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
    Run by Konsowa at 22:21:15 on 2013-07-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5490 [GMT 2:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Skype\Phone\skype.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Konsowa\Downloads\HijackThis(1).exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
    uProxyOverride = 127.0.0.1:9421;<local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: AutorunsDisabled - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Secure Speed Dial: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB: Alnaddy.com Toolbar: {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files (x86)\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbarTlbr.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\skype.exe" /minimized /regrun
    uRun: [cdloader] "C:\Users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\Konsowa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Free YouTube Download - C:\Users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
    TCP: NameServer = 192.168.1.1 192.168.2.1
    TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709} : NameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709} : DHCPNameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC} : DHCPNameServer = 192.168.1.1 192.168.2.1
    TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC}\B4F6E637F67716 : DHCPNameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{38F75A8C-A838-4DA8-BD0C-9D616176C2BC}\D4F62696E696C6027596D264960243739373 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{44BAA6BC-7532-4FA6-9738-AB5E49198948} : NameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{B6EC4919-7F91-4384-917A-2E0264408775} : DHCPNameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{C2FA0FE3-82C5-4AFD-8D28-4B1DF6B14762} : NameServer =
    TCP: Interfaces\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C} : NameServer = 8.8.8.8,8.8.4.4
    Handler: AutorunsDisabled - <Clsid value has no data>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\users\konsowa\desktop\newfol~1\bin\detour.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AutorunsDisabled - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT
    x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    x64-Handler: AutorunsDisabled - <Clsid value has no data>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
    FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: C:\Users\Konsowa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Konsowa\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-07-19 23:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-07-20 04:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
    FF - ExtSQL: 2013-07-21 03:34; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-17 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-17 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-15 1393240]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-17 169048]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-21 279616]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130724.001\IDSviA64.sys [2013-7-25 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-17 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-17 433752]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-5 65024]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-18 21992]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
    R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-18 210024]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DataCardService\HWDeviceService64.exe [2011-3-14 346976]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-18 13592]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-7-17 144368]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-17 132056]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-4 4153184]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-8-24 20512]
    R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-18 138912]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-7-13 66728]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-1-31 90112]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-18 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-1-31 117248]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-1-31 13952]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-27 1431888]
    S3 Gun;Gun;D:\SoftnyxGame\GunboundIS\Gun64.sys [2012-5-30 45176]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-1-31 104448]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-1-31 30720]
    S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-1-31 238080]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
    S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\System32\drivers\tinspusb.sys [2012-6-11 142848]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-7-21 14544]
    S3 wolf;wolf;C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys [2012-6-13 40056]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
    S4 Apache2.2;Apache2.2;C:\xampplite\apache\bin\httpd.exe [2012-8-22 29416]
    S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-26 8704]
    S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
    S4 Mobinil USB Modem. RunOuc;Mobinil USB Modem. OUC;C:\Program Files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe [2013-1-31 655712]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 PhontonDashboardService;Photon dashboard service;C:\Users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe [2012-10-25 18432]
    S4 Photon Socket Server: Default;Photon Socket Server: Default;C:\Users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [2012-10-25 7012352]
    S4 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;C:\Users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [2012-10-25 7012352]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-7-21 2222928]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\updater.exe [2013-7-19 161384]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    FileExt: .js: Applications\UnityDevelop.exe="C:\Program Files\UnityDevelop\UnityDevelop.exe" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-07-23 11:46:21 -------- d-----w- C:\Program Files (x86)\XoftSpy
    2013-07-22 11:03:38 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-07-22 11:03:38 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-07-22 11:03:38 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2013-07-21 14:46:06 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-21 14:46:06 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-21 13:22:25 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
    2013-07-21 01:45:33 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-07-21 01:45:33 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-07-20 23:52:06 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-20 23:31:59 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PC Cleaners
    2013-07-20 23:31:51 4728712 ----a-w- C:\Windows\uninst.exe
    2013-07-20 23:31:50 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PCPro
    2013-07-20 23:31:50 -------- d-----w- C:\ProgramData\PC1Data
    2013-07-20 23:29:18 -------- d-----w- C:\ProgramData\PC Registry Cleaner
    2013-07-20 23:07:46 -------- d-----w- C:\Users\Konsowa\AppData\Local\Razer
    2013-07-20 23:07:44 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\Vtools
    2013-07-20 23:07:42 -------- d-----w- C:\Program Files (x86)\Vtools
    2013-07-20 23:07:11 -------- d-----w- C:\Program Files (x86)\Secure Speed Dial
    2013-07-20 01:23:36 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-07-20 01:23:35 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-07-20 01:23:35 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-07-20 01:23:35 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-07-20 01:20:15 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-07-20 01:20:15 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-07-20 01:15:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-07-20 01:01:43 -------- d-----w- C:\Users\Konsowa\AppData\Local\YavSoft
    2013-07-20 01:01:42 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\Flash Jigsaw Producer
    2013-07-20 01:01:00 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-07-20 00:55:32 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-20 00:55:32 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-20 00:26:05 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-07-20 00:26:05 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-07-20 00:26:05 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-07-20 00:12:05 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-20 00:12:05 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-20 00:12:05 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-20 00:12:05 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-20 00:12:05 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-20 00:12:05 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-20 00:12:05 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-20 00:01:15 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-07-20 00:01:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-07-20 00:00:51 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-20 00:00:51 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 23:49:52 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-07-19 23:49:52 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-07-19 23:38:31 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-07-19 23:38:31 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-07-19 23:26:52 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-07-19 23:26:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-19 23:26:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-19 23:26:52 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-07-19 23:26:52 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-19 23:26:51 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-07-19 23:26:51 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-07-19 23:26:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-19 23:26:51 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-19 23:26:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-19 22:05:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-19 22:04:05 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-07-19 22:04:05 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-07-19 22:04:05 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-07-19 22:03:50 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-07-19 22:03:50 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-07-19 22:03:50 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-07-19 22:03:48 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-07-19 22:03:47 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-07-19 22:03:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-07-19 22:03:45 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-19 22:03:45 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-19 22:03:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-19 22:03:44 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-07-19 22:03:44 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-07-18 16:37:52 -------- d-----w- C:\Program Files (x86)\ArtGem
    2013-07-17 23:29:37 -------- d-----w- C:\N360_BACKUP
    2013-07-17 16:04:11 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
    2013-07-17 16:04:11 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
    2013-07-17 16:04:11 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
    2013-07-17 16:04:11 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
    2013-07-17 16:04:11 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
    2013-07-17 16:04:11 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
    2013-07-17 16:04:11 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
    2013-07-17 16:04:11 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
    2013-07-17 16:03:56 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
    2013-07-17 11:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-07-17 11:51:38 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-07-17 11:51:38 -------- d-----w- C:\Program Files\Symantec
    2013-07-17 11:51:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2013-07-17 11:51:10 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2013-07-17 11:51:09 -------- d-----w- C:\Program Files (x86)\Norton 360
    2013-07-17 11:47:16 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\TuneUp Software
    2013-07-17 11:44:17 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-07-17 11:35:03 -------- d-----w- C:\ProgramData\NortonInstaller
    2013-07-17 11:35:03 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2013-07-17 01:45:03 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 3.0
    2013-07-17 01:44:30 -------- d-----w- C:\ProgramData\Norton
    2013-07-17 01:36:11 -------- d-----w- C:\Users\Konsowa\AppData\Roaming\PCCUStubInstaller
    2013-07-17 01:31:20 -------- d-----w- C:\ProgramData\StarApp
    2013-07-13 19:04:01 2562208 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2013-07-13 18:55:17 -------- d-----w- C:\Program Files\Application Verifier
    2013-07-13 18:55:17 -------- d-----w- C:\Program Files (x86)\Application Verifier
    2013-07-13 18:55:16 -------- d-----w- C:\ProgramData\Windows App Certification Kit
    2013-07-13 18:53:04 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools
    2013-07-13 18:52:51 -------- d-----w- C:\Program Files\Microsoft
    2013-07-13 18:52:30 -------- d-----w- C:\Program Files (x86)\IIS Express
    2013-07-13 18:52:29 -------- d-----w- C:\Program Files\IIS Express
    2013-07-13 18:51:56 -------- d-----w- C:\Program Files (x86)\NuGet
    2013-07-13 18:51:51 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
    2013-07-13 18:42:14 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
    2013-07-13 18:34:55 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2013-07-13 18:33:25 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2013-07-12 21:50:05 8610696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-07-12 21:15:26 -------- d-----w- C:\Users\Konsowa\AppData\Local\{F37829FD-8E56-4B32-8FBE-696D34CA00F3}
    2013-07-12 20:45:31 -------- d-----w- C:\Users\Konsowa\AppData\Local\{A5DC2401-8272-45BB-A258-9D9FA9C765D9}
    2013-07-12 12:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-07-12 12:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-07-07 16:29:41 4249600 ----a-w- C:\Program Files (x86)\GUT3543.tmp
    2013-07-07 16:29:41 -------- d-----w- C:\Program Files (x86)\GUM3542.tmp
    2013-07-07 16:22:29 -------- d-----w- C:\Users\Konsowa\AppData\Local\{37A38914-C56D-425C-A77C-50026A17EEFB}
    .
    ==================== Find3M ====================
    .
    2013-07-20 23:52:06 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-19 22:05:48 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-07-19 22:05:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-07-15 23:43:33 95247 ----a-w- C:\Windows\PixtopianBook Uninstaller.exe
    2013-07-12 21:50:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-12 21:50:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 08:32:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
    2013-05-01 21:55:26 61304 ----a-w- C:\Users\Konsowa\g2mdlhlpx.exe
    .
    ============= FINISH: 22:22:50.96 ===============
     


  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,877
    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program.
    • Click "Continue".
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Please download and run WVCheck.
    • Double-click WVCheck.exe.
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the Notepad file as a reply.
     
  12. konsowa

    konsowa Thread Starter

    Joined:
    Jul 20, 2013
    Messages:
    10
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-25 23:01:07
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.05.0 931.51GB
    Running: 0zrw6lbn.exe; Driver: C:\Users\Konsowa\AppData\Local\Temp\uwlorkoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000123e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
    .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000123e08 3 bytes [C0, 06, 02]

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\SysWOW64\svchost.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Windows\SysWOW64\svchost.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 00000001003f091c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 00000001003f0048
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001003f02ee
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001003f04b2
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001003f09fe
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 00000001003f0ae0
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 00000001003f012a
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 00000001003f0758
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 00000001003f0676
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001003f03d0
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 00000001003f0594
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 00000001003f083a
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 00000001003f020c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 00000001003f0f52
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100420210
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100420048
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a77a9d1}
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 00000001003f0ca6
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001004203d8
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010042012c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001004202f4
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 00000001003f0e6e
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe[1884] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010042059e
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010023091c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100230048
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002302ee
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002304b2
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002309fe
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100230ae0
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010023012a
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100230758
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100230676
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002303d0
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100230594
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010023083a
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010023020c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073301a22 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073301ad0 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073301b08 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073301bba 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073301bda 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100230f52
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100240210
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100240048
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a59a9d1}
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100230ca6
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002403d8
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010024012c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002402f4
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100230e6e
    .text C:\Windows\SysWOW64\PnkBstrA.exe[532] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010024059e
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073301a22 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073301ad0 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073301b08 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073301bba 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073301bda 2 bytes [30, 73]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100290210
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100290048
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5ea9d1}
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002903d8
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010029012c
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002902f4
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010029059e
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Windows\SysWOW64\PnkBstrB.exe[1168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010010091c
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100100048
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001001002ee
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001001004b2
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001001009fe
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100100ae0
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010010012a
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100100758
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100100676
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001001003d0
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100100594
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010010083a
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010010020c
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010011059e
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100100f52
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100110210
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100110048
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a46a9d1}
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100100ca6
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001001103d8
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010011012c
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001001102f4
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2348] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100100e6e
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010010091c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100100048
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001001002ee
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001001004b2
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001001009fe
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100100ae0
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010010012a
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100100758
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100100676
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001001003d0
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100100594
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010010083a
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010010020c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100100f52
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100110210
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100110048
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a46a9d1}
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100100ca6
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001001103d8
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010011012c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001001102f4
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100100e6e
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2480] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001001104bc
    ? C:\Windows\system32\mssprxy.dll [2916] entry point in ".rdata" section 00000000675971e6
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010029059e
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100290210
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100290048
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5ea9d1}
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002903d8
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010029012c
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002902f4
    .text C:\ProgramData\DatacardService\DCSHelper.exe[2640] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010024091c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100240048
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002402ee
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002404b2
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002409fe
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100240ae0
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010024012a
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100240758
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100240676
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002403d0
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100240594
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010024083a
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010024020c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 0000000100240bc2
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100250048
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 00000001002502f4
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 7 bytes JMP 000000010025012c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100240d88
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002504bc
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 0000000100250210
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002503d8
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[3252] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100240f50
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010028091c
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100280048
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002802ee
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002804b2
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002809fe
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100280ae0
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010028012a
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100280758
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100280676
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002803d0
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100280594
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010028083a
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010028020c
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001003104bc
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100280f52
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100310210
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100310048
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a66a9d1}
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100280ca6
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001003103d8
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010031012c
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001003102f4
    .text C:\Windows\SysWOW64\vmnetdhcp.exe[3332] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010038091c
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100380048
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001003802ee
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001003804b2
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001003809fe
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100380ae0
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010038012a
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100380758
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100380676
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001003803d0
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100380594
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010038083a
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010038020c
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010039059e
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100380f52
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100390210
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100390048
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a6ea9d1}
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100380ca6
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001003903d8
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010039012c
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001003902f4
    .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[2092] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100380e6e
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010009091c
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100090048
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001000902ee
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001000904b2
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001000909fe
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100090ae0
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010009012a
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100090758
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100090676
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001000903d0
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100090594
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010009083a
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010009020c
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 0000000100090bc2
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 00000001000a0048
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 00000001000a02f4
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 7 bytes JMP 00000001000a012c
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100090d88
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001000a04bc
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 00000001000a0210
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001000a03d8
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100090f50
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Program Files (x86)\Skype\Phone\skype.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010024091c
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100240048
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002402ee
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002404b2
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002409fe
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100240ae0
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010024012a
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100240758
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100240676
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002403d0
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100240594
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010024083a
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010024020c
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 00000001002504bc
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100240f52
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100250210
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100250048
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5aa9d1}
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100240ca6
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002503d8
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010025012c
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002502f4
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100240e6e
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe[4160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010027091c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100270048
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001002702ee
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001002704b2
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001002709fe
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100270ae0
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010027012a
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100270758
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100270676
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001002703d0
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100270594
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010027083a
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010027020c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075c01492 7 bytes JMP 000000010028059e
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100270f52
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100280210
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100280048
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a5da9d1}
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100270ca6
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ca5a1d 7 bytes JMP 00000001002803d8
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ca5c9b 7 bytes JMP 000000010028012c
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ca5d87 7 bytes JMP 00000001002802f4
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ca7240 7 bytes JMP 0000000100270e6e
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b91465 2 bytes [B9, 75]
    .text C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b914bb 2 bytes [B9, 75]
    .text ... * 2
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007790fc90 5 bytes JMP 000000010008091c
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007790fdf4 5 bytes JMP 0000000100080048
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007790fe88 5 bytes JMP 00000001000802ee
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007790ffe4 5 bytes JMP 00000001000804b2
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910018 5 bytes JMP 00000001000809fe
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077910048 5 bytes JMP 0000000100080ae0
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077910064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007791077c 5 bytes JMP 000000010008012a
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007791086c 5 bytes JMP 0000000100080758
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077910884 5 bytes JMP 0000000100080676
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077910dd4 5 bytes JMP 00000001000803d0
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077911900 5 bytes JMP 0000000100080594
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077911bc4 5 bytes JMP 000000010008083a
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077911d50 5 bytes JMP 000000010008020c
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ca524f 7 bytes JMP 0000000100080f52
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ca53d0 7 bytes JMP 0000000100090210
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ca5677 1 byte JMP 0000000100090048
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075ca5679 5 bytes {JMP 0xffffffff8a3ea9d1}
    .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ca589a 7 bytes JMP 0000000100080ca6

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3036:4056] 000007fee3ac838c
    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [3036:1028] 000007fee5a4c680
    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2552:5660] 000007fee5a4c680
    ---- Processes - GMER 2.1 ----

    Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\System.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000002010000
    Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\Banner.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000003270000
    Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\Konsowa\Downloads\dds.scr [3268] 0000000003640000
    Library C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\PEV.DAT (*** suspicious ***) @ C:\Users\Konsowa\AppData\Local\Temp\nsyD2C.tmp\PEV.DAT [7596] 0000000000c70000

    ---- EOF - GMER 2.1 ----

    MGA
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-R8R9M-234F7-9J8DY
    Windows Product Key Hash: w3knYSsbc+SoRkqh1A5XvvR2uJM=
    Windows Product ID: 00359-113-8412213-85019
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {8CCF2DAC-73C3-4C24-B109-209434E31F88}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130318-1533
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8CCF2DAC-73C3-4C24-B109-209434E31F88}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9J8DY</PKey><PID>00359-113-8412213-85019</PID><PIDType>5</PIDType><SID>S-1-5-21-3920387077-942025914-700066375</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0713</Version><SMBIOSVersion major="2" minor="6"/><Date>20110510000000.000000+000</Date></BIOS><HWID>0BEC3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Egypt Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00170-113-841221-00-1033-7601.0000-0012005
    Installation ID: 008665101713734981008381797960299701962622802532653501
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9J8DY
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 7/25/2013 11:02:14 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:13:2013 09:56
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAIAAQABAAEAAAADAAAABAABAAEAln2qQ3cWVlEaXfaqWH1iPcxFBumQTXJ3coq+QS5z

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC ALASKA A M I
    FACP ALASKA A M I
    HPET ALASKA A M I
    MCFG ALASKA A M I
    SSDT AMICPU PROC
     
  13. konsowa

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 2304_25-07-2013
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows 7 Service Pack 1
    Windows Mode: Normal
    Systemroot Path: C:\Windows

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Do not download or install updates automatically.
    -----------------------
    Last Success Time for Update Detection: 2013-07-25 02:04:52
    Last Success Time for Update Download: 2013-07-23 11:00:41
    Last Success Time for Update Installation: 2013-07-22 11:02:29


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    C:\Program Files (x86)\Microsoft DirectX 9.0 SDK (Summer 2004)\Samples\C++\DirectShow\Bin\Watermark.exe
    Size: 114688 bytes
    Creation; 9/7/2004 8:28:10
    Modification; 9/7/2004 8:28:10
    MD5; 3a90542d5f881964bb60a48cf9ed88be
    Matched: watermark.exe
    -----------------------
    C:\Windows\System32\slwga.dll
    Size: 14336 bytes
    Creation; 21/11/2010 5:23:48
    Modification; 21/11/2010 5:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\SysWOW64\slwga.dll
    Size: 14336 bytes
    Creation; 21/11/2010 5:23:48
    Modification; 21/11/2010 5:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
    Size: 15360 bytes
    Creation; 21/11/2010 5:24:21
    Modification; 21/11/2010 5:24:21
    MD5; b6d6886149573278cba6abd44c4317f5
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
    Size: 14336 bytes
    Creation; 21/11/2010 5:23:48
    Modification; 21/11/2010 5:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


    -------- End of File, program close at 2307_25-07-2013 --------
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,877
    Nothing definitely wrong there, but a few suspicious entries, so
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If, after running ComboFix, you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  15. konsowa

    ComboFix 13-07-25.02 - Konsowa 07/26/2013 14:26:28.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5241 [GMT 2:00]
    Running from: c:\users\Konsowa\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\program files (x86)\P2Pcontrol
    c:\program files (x86)\P2Pcontrol\config\nodes.dat
    c:\program files (x86)\P2Pcontrol\data
    c:\program files (x86)\P2Pcontrol\P2Pcontrol.url
    c:\program files (x86)\P2Pcontrol\P2Pcontrol_claim.url
    c:\program files (x86)\P2Pcontrol\uninst.exe
    c:\users\Konsowa\AppData\Local\assembly\tmp
    c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol
    c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\Claim money.lnk
    c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\P2Pcontrol website.lnk
    c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\P2Pcontrol\Uninstall.lnk
    c:\users\Konsowa\g2mdlhlpx.exe
    c:\windows\SysWow64\DannyComObjects.dll
    c:\windows\SysWow64\DannyHelper.dll
    c:\windows\SysWow64\Eziriz.bin
    c:\windows\SysWow64\frapsvid.dll
    c:\windows\SysWow64\UNWISE.EXE
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-26 12:36 . 2013-07-26 12:36 -------- d-----w- c:\users\unitysrv\AppData\Local\temp
    2013-07-26 12:36 . 2013-07-26 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-25 21:02 . 2013-07-25 21:02 -------- d-----w- C:\MGADiagToolOutput
    2013-07-25 21:02 . 2013-07-25 21:02 -------- d-----w- c:\programdata\Office Genuine Advantage
    2013-07-23 11:46 . 2013-07-23 12:02 -------- d-----w- c:\program files (x86)\XoftSpy
    2013-07-22 11:03 . 2011-09-22 19:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2013-07-22 11:03 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-07-22 11:03 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2013-07-21 14:46 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
    2013-07-21 14:46 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
    2013-07-21 13:22 . 2013-07-21 13:22 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2013-07-21 01:45 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-07-21 01:45 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-07-20 23:52 . 2013-07-20 23:52 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-07-20 23:31 . 2013-07-20 23:31 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PC Cleaners
    2013-07-20 23:31 . 2012-12-22 17:53 4728712 ----a-w- c:\windows\uninst.exe
    2013-07-20 23:31 . 2013-07-20 23:33 -------- d-----w- c:\programdata\PC1Data
    2013-07-20 23:31 . 2013-07-20 23:32 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PCPro
    2013-07-20 23:29 . 2013-07-20 23:29 -------- d-----w- c:\programdata\PC Registry Cleaner
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\users\Konsowa\AppData\Local\Razer
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\users\Konsowa\AppData\Roaming\Vtools
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Vtools
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\programdata\Razer
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Razer
    2013-07-20 23:07 . 2013-07-20 23:07 -------- d-----w- c:\program files (x86)\Secure Speed Dial
    2013-07-20 01:23 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-07-20 01:23 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-07-20 01:23 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-07-20 01:23 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-07-20 01:23 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-07-20 01:23 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-07-20 01:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-07-20 01:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-07-20 01:15 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-07-20 01:01 . 2013-07-20 01:01 -------- d-----w- c:\users\Konsowa\AppData\Local\YavSoft
    2013-07-20 01:01 . 2013-07-20 23:41 -------- d-----w- c:\users\Konsowa\AppData\Roaming\Flash Jigsaw Producer
    2013-07-20 01:01 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-07-20 00:55 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-20 00:55 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-20 00:26 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-07-20 00:26 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-07-20 00:26 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-07-20 00:12 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
    2013-07-20 00:12 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
    2013-07-20 00:12 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
    2013-07-20 00:12 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
    2013-07-20 00:12 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
    2013-07-20 00:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
    2013-07-20 00:12 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-20 00:01 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-07-20 00:01 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-07-20 00:00 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-20 00:00 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 23:49 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-07-19 23:49 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-07-19 23:38 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-07-19 23:38 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
    2013-07-19 23:26 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-19 23:26 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-19 23:26 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-19 23:26 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
    2013-07-19 23:26 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
    2013-07-19 23:26 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-19 23:26 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
    2013-07-19 23:26 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-19 23:26 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-19 23:26 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
    2013-07-19 22:05 . 2013-07-19 22:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-19 22:04 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
    2013-07-19 22:04 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2013-07-19 22:04 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2013-07-19 22:03 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2013-07-19 22:03 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
    2013-07-19 22:03 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
    2013-07-19 22:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-07-19 22:03 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-07-19 22:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-07-19 22:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-07-19 22:03 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-07-19 22:03 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-19 22:03 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-07-19 22:03 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
    2013-07-18 16:37 . 2013-07-25 22:40 -------- d-----w- c:\program files (x86)\ArtGem
    2013-07-17 23:29 . 2013-07-17 23:29 -------- d-----w- C:\N360_BACKUP
    2013-07-17 11:53 . 2013-07-17 11:53 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2013-07-17 11:51 . 2013-07-17 16:04 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files\Symantec
    2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2013-07-17 11:51 . 2013-07-17 22:48 -------- d-----w- c:\windows\system32\drivers\N360x64
    2013-07-17 11:51 . 2013-07-17 11:51 -------- d-----w- c:\program files (x86)\Norton 360
    2013-07-17 11:47 . 2013-07-17 11:47 -------- d-----w- c:\users\Konsowa\AppData\Roaming\TuneUp Software
    2013-07-17 11:44 . 2013-07-17 11:44 -------- d-----w- c:\programdata\ATI
    2013-07-17 11:44 . 2013-07-17 11:44 -------- d-----w- c:\program files (x86)\AMD AVT
    2013-07-17 11:35 . 2013-07-17 11:35 -------- d-----w- c:\program files (x86)\NortonInstaller
    2013-07-17 01:45 . 2013-07-21 03:51 -------- d-----w- c:\program files (x86)\Norton PC Checkup 3.0
    2013-07-17 01:44 . 2013-07-17 23:22 -------- d-----w- c:\programdata\Norton
    2013-07-17 01:36 . 2013-07-17 01:36 -------- d-----w- c:\users\Konsowa\AppData\Roaming\PCCUStubInstaller
    2013-07-17 01:31 . 2013-07-17 01:31 -------- d-----w- c:\programdata\StarApp
    2013-07-13 19:04 . 2013-07-20 23:49 2562208 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\program files\Application Verifier
    2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\program files (x86)\Application Verifier
    2013-07-13 18:55 . 2013-07-13 18:55 -------- d-----w- c:\programdata\Windows App Certification Kit
    2013-07-13 18:53 . 2013-07-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
    2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files\Microsoft
    2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files (x86)\IIS Express
    2013-07-13 18:52 . 2013-07-13 18:52 -------- d-----w- c:\program files\IIS Express
    2013-07-13 18:51 . 2013-07-13 18:51 -------- d-----w- c:\program files (x86)\NuGet
    2013-07-13 18:51 . 2013-07-13 18:51 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
    2013-07-13 18:42 . 2013-07-13 18:42 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
    2013-07-13 18:34 . 2013-07-13 19:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
    2013-07-13 18:33 . 2013-07-13 18:33 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
    2013-07-12 21:50 . 2013-07-12 21:50 8610696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-07-07 16:29 . 2013-07-07 16:31 4249600 ----a-w- c:\program files (x86)\GUT3543.tmp
    2013-07-07 16:29 . 2013-07-07 16:29 -------- d-----w- c:\program files (x86)\GUM3542.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-21 00:04 . 2011-11-21 09:02 2485920 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2013-07-19 22:05 . 2013-03-09 08:20 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-07-19 22:05 . 2012-01-11 15:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-07-15 23:43 . 2012-01-20 16:47 95247 ----a-w- c:\windows\PixtopianBook Uninstaller.exe
    2013-07-12 21:50 . 2012-04-01 14:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-12 21:50 . 2011-12-15 18:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-23 22:41 . 2011-11-18 11:11 78185248 ----a-w- c:\windows\system32\MRT.exe
    2013-05-13 21:24 . 2012-06-14 22:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-02 08:32 . 2013-05-02 08:32 2274480 ----a-w- c:\windows\system32\coin94.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-28 393216]
    "Skype"="c:\program files (x86)\Skype\Phone\skype.exe" [2013-07-19 18642024]
    "cdloader"="c:\users\Konsowa\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "RL Uninstaller"="del" [X]
    .
    c:\users\Konsowa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Konsowa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2013-5-13 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 Gun;Gun;d:\softnyxgame\GunBoundIS\Gun64.sys;d:\softnyxgame\GunBoundIS\Gun64.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
    R3 KeDetective131;KeDetective131;c:\windows\system32\Drivers\KeDetective131.sys;c:\windows\SYSNATIVE\Drivers\KeDetective131.sys [x]
    R3 KIKIDRIVER;KIKIDRIVER;c:\users\Konsowa\Desktop\Kiki Engine 1.41\kiki.sys;c:\users\Konsowa\Desktop\Kiki Engine 1.41\kiki.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 Revolution1;Revolution1;c:\users\Konsowa\AppData\Local\Temp\Rar$EX04.512\SHAK3.sys;c:\users\Konsowa\AppData\Local\Temp\Rar$EX04.512\SHAK3.sys [x]
    R3 SysCom1;SysCom1;c:\users\Konsowa\AppData\Local\Temp\Rar$EX23.992\Ghost Killer Girl\SoRa.sys;c:\users\Konsowa\AppData\Local\Temp\Rar$EX23.992\Ghost Killer Girl\SoRa.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
    R3 vtany;vtany;c:\windows\vtany.sys;c:\windows\vtany.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
    R3 wolf;wolf;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys [x]
    R3 X6va005;X6va005;c:\users\Konsowa\AppData\Local\Temp\005104D.tmp;c:\users\Konsowa\AppData\Local\Temp\005104D.tmp [x]
    R3 X6va008;X6va008;c:\users\Konsowa\AppData\Local\Temp\008561.tmp;c:\users\Konsowa\AppData\Local\Temp\008561.tmp [x]
    R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
    R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
    R3 xspirit;xspirit;c:\windows\xspirit.sys;c:\windows\xspirit.sys [x]
    R4 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe;c:\xampplite\apache\bin\httpd.exe [x]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
    R4 Mobinil USB Modem. RunOuc;Mobinil USB Modem. OUC;c:\program files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe;c:\program files (x86)\Mobinil USB Modem\UpdateDog\ouc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 PhontonDashboardService;Photon dashboard service;c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe [x]
    R4 Photon Socket Server: Default;Photon Socket Server: Default;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [x]
    R4 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe;c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130725.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130725.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Konsowa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
    IE: Free YouTube Download - c:\users\Konsowa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    TCP: Interfaces\{1CFCBFF4-A3BE-4BCD-B59C-BC570DDDC709}: NameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{44BAA6BC-7532-4FA6-9738-AB5E49198948}: NameServer = 213.131.65.20 213.131.66.246
    TCP: Interfaces\{D99268AF-4CBF-4C65-9C2B-146A58A9BB5C}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Konsowa\AppData\Roaming\Mozilla\Firefox\Profiles\67zcrcqj.default-1374416997754\
    FF - ExtSQL: 2013-07-19 23:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-07-20 04:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
    FF - ExtSQL: 2013-07-21 03:34; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-BlackBerry_Desktop - c:\program files (x86)\Research In Motion\BlackBerry Desktop\InstallerUtils\InstallerUtils.exe
    AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
    AddRemove-P2Pcontrol - c:\program files (x86)\P2Pcontrol\uninst.exe
    AddRemove-SuddenAttackNA - c:\programdata\NexonUS\NGM\NGM.exe
    AddRemove-NCsoft-Lineage2 - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
    --
    "ImagePath"="\"c:\users\Konsowa\Documents\Photon\deploy\bin_Tools\dashboard\PhotonDashboard.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Photon Socket Server: Default]
    "ImagePath"="c:\users\Konsowa\Documents\Photon\deploy\bin_Win64\PhotonSocketServer.exe /service Default"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Photon Socket Server: LoadBalancing]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WINIO]
    "ImagePath"="8ý\18"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Konsowa\AppData\Local\Temp\005104D.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\Konsowa\AppData\Local\Temp\008561.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000\Software\SecuROM\License information*]
    "datasecu"=hex:58,e4,30,e6,f1,53,79,fb,7c,c0,37,bd,57,9f,3d,4e,4f,d4,ab,96,89,
    62,d3,47,47,d7,c2,5f,57,18,c7,59,3d,20,fd,d4,2a,95,52,0d,aa,7f,f7,e8,69,fc,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000_Classes\Wow6432Node\CLSID\{4b8f6ff0-597d-4d60-ad54-3ebcf90d5e38}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000039
    "Therad"=dword:00000010
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3920387077-942025914-700066375-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):a5,6f,76,8e,64,00,bc,54,44,25,d7,6e,60,49,d6,a1,8d,47,77,c7,c6,
    2d,e2,8f,8f,9c,bd,7d,5e,da,1a,79,9f,a5,4d,d1,6e,12,c6,46,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-07-26 14:38:55
    ComboFix-quarantined-files.txt 2013-07-26 12:38
    .
    Pre-Run: 114,272,223,232 bytes free
    Post-Run: 114,100,084,736 bytes free
    .
    - - End Of File - - 574186AE220EC011F5C877E27D8ECB5C
    D41D8CD98F00B204E9800998ECF8427E
     
Short URL to this thread: https://techguy.org/1104190