
Virus in the home network

Discussion in 'Virus & Other Malware Removal' started by sweety_pie, Feb 4, 2013.

    sweety_pie Thread Starter

    I'm getting huge amounts of advertisements popping up. They're driving me nuts. My host dad wanted me to have my computer checked, because he had a nasty virus. Can you help? Below are the files you requested: :confused:

    I have a Lenovo Thinkpad edge with Windows 7.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:45:51, on 04.02.2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
    C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
    C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
    C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    C:\Users\francisca\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    c:\program files (x86)\real\realplayer\RealPlay.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ad...AyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
    O2 - BHO: Unfriend Checker - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
    O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
    O2 - BHO: CrossriderApp0005058 - {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll
    O2 - BHO: ZD Manager IE Plugin - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (file missing)
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    O2 - BHO: CouponAmazing - {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
    O3 - Toolbar: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
    O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
    O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    O4 - HKLM\..\Run: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
    O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe startup
    O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    O4 - Global Startup: StrongVaultApp.exe
    O4 - Global Startup: StrongVaultApp.exe.lnk = francisca\AppData\Local\StrongVault\StrongVaultApp.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
    O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Small Business Advantage - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
    O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service for AMZN - Unknown owner - C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O23 - Service: Yahoo! NanoClient Service (YNanoService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
    O23 - Service: ZDManager Service - Unknown owner - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    --
    End of file - 27246 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by francisca at 19:38:59 on 2013-02-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1400 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Windows\system32\dmwu.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\SysWOW64\SAsrv.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
    C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
    C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\24x7Help\App24x7Help.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
    C:\Windows\SysWOW64\schtasks.exe
    C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla FireFox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla FireFox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
    C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
    C:\Users\francisca\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    mURLSearchHooks: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
    BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
    BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
    BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
    BHO: Shopping Sidekick: {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll
    BHO: ZD Manager IE Plugin: {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    BHO: CouponAmazing: {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    uRun: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
    uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
    uRun: [Browser Infrastructure Helper] C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe startup
    uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    mRun: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
    mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    mRun: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Windows\System32\Sendori.dll
    TCP: NameServer = 192.168.17.1
    TCP: Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8} : NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
    TCP: Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8} : DHCPNameServer = 192.168.17.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
    x64-TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
    x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110801&tt=0313_3&babsrc=HP_ss&mntrId=54023b68000000000000b888e32f6238
    FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2012-12-08 21:44; [email protected]; C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]
    FF - ExtSQL: 2013-01-18 21:35; {336D0C35-8A85-403a-B9D2-65C292C39087}; C:\Program Files\IB Updater\Firefox
    FF - ExtSQL: 2013-01-18 21:36; [email protected]; C:\Program Files (x86)\Unfriend Checker\FF
    FF - ExtSQL: 2013-01-20 21:08; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
    FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; [email protected]; C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-5-31 70416]
    R0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-31 16152]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
    R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-1-30 33344]
    R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-12-8 394392]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
    R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-1-20 2550224]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-5-31 198784]
    R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-24 107520]
    R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
    R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-5-31 169776]
    R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-18 188760]
    R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-1-18 1261936]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-31 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-31 163608]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-5-31 58192]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-27 101736]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-5-31 61264]
    R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-5-31 175440]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-27 133992]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-27 145256]
    R2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-27 144960]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-31 363800]
    R2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-5-22 222368]
    R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-9 84080]
    R2 YNanoService;Yahoo! NanoClient Service;C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-7-25 157016]
    R2 ZDManager Service;ZDManager Service;C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-25 2669840]
    R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-5-31 216064]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
    R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-31 331264]
    R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-31 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-31 786200]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
    R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-5-31 1662528]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-5-31 259688]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-31 565352]
    R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
    R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-5-31 27432]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-2-2 145472]
    S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-5-31 49376]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
    S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-25 273168]
    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-5-31 1665088]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
    S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
    S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-04 16:54:38 -------- d-----w- C:\Users\francisca\AppData\Local\Amazon Browser Bar
    2013-02-04 16:54:26 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
    2013-02-04 16:54:19 -------- d-----w- C:\Users\francisca\AppData\Local\NanoService
    2013-02-04 16:54:18 -------- d-----w- C:\Users\francisca\AppData\Local\Yahoo!
    2013-02-04 16:54:13 -------- d--h--w- C:\Windows\msdownld.tmp
    2013-02-03 18:33:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BEB19B4-33E8-4776-AC21-0590480FEF21}\offreg.dll
    2013-02-02 02:12:11 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BEB19B4-33E8-4776-AC21-0590480FEF21}\mpengine.dll
    2013-01-24 19:30:21 -------- d-----w- C:\Users\francisca\AppData\Roaming\Optimizer Pro
    2013-01-24 19:25:13 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
    2013-01-24 19:24:57 -------- d-----w- C:\Program Files (x86)\DefaultTab
    2013-01-24 19:24:53 -------- d-----w- C:\Users\francisca\AppData\Roaming\DefaultTab
    2013-01-24 19:24:43 -------- d-----w- C:\ProgramData\ZDManagerService
    2013-01-24 19:24:42 -------- d-----w- C:\Program Files (x86)\ZD Systems
    2013-01-24 19:24:33 -------- d-----w- C:\Program Files (x86)\Yontoo
    2013-01-24 19:24:29 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-01-22 01:33:10 -------- d-----w- C:\Users\francisca\AppData\Local\Macromedia
    2013-01-22 01:26:41 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2013-01-22 01:26:39 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2013-01-21 02:25:31 1700864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM9.dll
    2013-01-21 02:25:31 1700864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM8.dll
    2013-01-21 02:25:30 1702912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM6.dll
    2013-01-21 02:25:30 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM7.dll
    2013-01-21 02:25:29 1702912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM5.dll
    2013-01-21 02:25:29 1702400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM4.dll
    2013-01-21 02:25:29 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM11.dll
    2013-01-21 02:25:29 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM10.dll
    2013-01-21 02:10:00 -------- d-----w- C:\Users\francisca\AppData\Local\Mozilla
    2013-01-21 02:08:59 -------- d-----w- C:\Windows\SysWow64\searchplugins
    2013-01-21 02:08:59 -------- d-----w- C:\Windows\SysWow64\Extensions
    2013-01-21 02:08:56 -------- d-----w- C:\Users\francisca\AppData\Roaming\BabSolution
    2013-01-21 02:08:53 -------- d-----w- C:\ProgramData\BrowserProtect
    2013-01-21 02:08:49 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
    2013-01-21 02:08:35 -------- d-----w- C:\Program Files (x86)\PricePeep
    2013-01-21 02:08:27 -------- d-----w- C:\Users\francisca\AppData\Roaming\Babylon
    2013-01-21 02:08:27 -------- d-----w- C:\ProgramData\Babylon
    2013-01-21 01:47:09 -------- d-----w- C:\ProgramData\Uniblue
    2013-01-19 02:41:36 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
    2013-01-19 02:37:29 -------- d-----w- C:\Users\francisca\AppData\Roaming\Uniblue
    2013-01-19 02:37:26 -------- d-----w- C:\Program Files (x86)\Uniblue
    2013-01-19 02:36:30 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2013-01-19 02:36:27 -------- d-----w- C:\ProgramData\Sendori
    2013-01-19 02:36:25 -------- d-----w- C:\Program Files (x86)\Sendori
    2013-01-19 02:36:16 -------- d-----w- C:\Program Files (x86)\Unfriend Checker
    2013-01-19 02:36:02 -------- d-----w- C:\Program Files (x86)\Perion
    2013-01-19 02:35:57 -------- d-----w- C:\Program Files (x86)\Incredibar.com
    2013-01-19 02:35:49 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
    2013-01-19 02:35:49 1261936 ----a-w- C:\Windows\System32\dmwu.exe
    2013-01-19 02:35:49 -------- d-----w- C:\Windows\SysWow64\WNLT
    2013-01-19 02:35:49 -------- d-----w- C:\Windows\System32\ARFC
    2013-01-19 02:35:47 -------- d-----w- C:\Program Files\IB Updater
    2013-01-10 23:26:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 02:27:41 -------- d-----w- C:\Users\francisca\AppData\Roaming\RealNetworks
    2013-01-09 02:27:34 -------- d-----w- C:\Users\francisca\AppData\Local\Real
    2013-01-09 02:27:18 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-01-09 02:27:15 -------- d-----w- C:\ProgramData\RealNetworks
    2013-01-09 02:27:05 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-01-09 02:26:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-01-09 02:26:52 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-01-09 02:24:20 -------- d-----w- C:\Users\francisca\AppData\Local\couponamazing
    2013-01-09 02:23:47 -------- d-----w- C:\Users\francisca\AppData\Local\Smartbar
    .
    ==================== Find3M ====================
    .
    2013-01-22 01:26:36 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-22 01:26:36 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 19:39:15,04 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13.07.2012 12:59:05
    System Uptime: 04.02.2013 18:44:46 (1 hours ago)
    .
    Motherboard: LENOVO | | 325979G
    Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU Socket - U3E1 | 2185/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 385,157 GiB free.
    D: is CDROM (UDF)
    Q: is FIXED (NTFS) - 14 GiB total, 0,386 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5) MUI
    Amazon Browser Bar
    Anzeige am Bildschirm
    AOL Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec TrueSuite
    Babylon Chrome Toolbar
    Babylon toolbar
    blinkx beat
    Bonjour
    BrowserProtect
    BufferChm
    Burn.Now 4.5
    C4700
    Conexant HD Audio
    Corel Burn.Now Lenovo Edition
    Corel DVD MovieFactory 7
    Corel DVD MovieFactory Lenovo Edition
    Corel WinDVD
    Coupon Printer for Windows
    couponamazing
    Create Recovery Media
    D3DX10
    DefaultTab
    Destinations
    DeviceDiscovery
    Die Sims™ 3
    Die Sims™ 3 Reiseabenteuer
    Direct DiscRecorder
    DisplayLink Core Software
    Download Updater (AOL Inc.)
    Energie-Manager
    Evernote v. 4.2.3
    Flash Player Pro V5.4
    Funmoods
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IB Updater 2.0.0.530
    IB Updater Service
    Incredibar Toolbar on IE
    InfoAtoms
    Integrated Camera Driver Installer Package Ver.1.2.1.16
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Update Manager
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® PROSet/Wireless WiFi-Software
    Intel® Trusted Connect Service Client
    iTunes
    Junk Mail filter update
    Lenovo Auto Scroll Utility
    Lenovo Graphics Software
    Lenovo Patch Utility
    Lenovo Patch Utility 64 bit
    Lenovo Registration
    Lenovo SimpleTap
    Lenovo Solution Center
    Lenovo Solutions for Small Business
    Lenovo Solutions for Small Business Customizations
    Lenovo System Update
    Lenovo User Guide
    Lenovo Warranty Information
    Lenovo Welcome
    MarketResearch
    McAfee Security Scan Plus
    Mesh Runtime
    Message Center Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (German) 2007
    Microsoft Office Excel MUI (German) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (German) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (German) 2007
    Microsoft Office PowerPoint MUI (German) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proofing (German) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (German) 2007
    Microsoft Office Shared 64-bit MUI (German) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Word MUI (German) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Firefox Packages
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    Optimizer Pro v3.0
    Origin
    PC Fix Speed 1.2.0.24
    PlayBryte
    PricePeep
    Privacy SafeGuard version 1.1
    PS_AIO_06_C4700_SW_Min
    QuickTransfer
    RapidBoot
    RapidBoot HDD Accelerator
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Sendori
    Shop for HP Supplies
    Shopping Sidekick
    Skype™ 6.0
    SmartWebPrinting
    SMPlayer 0.6.9
    Snap.Do
    Snap.Do Engine
    SolutionCenter
    Status
    Strongvault Online Backup
    SugarSync Manager
    The Weather Channel App
    The Weather Channel Desktop 6
    ThinkPad Power Management Driver
    ThinkPad UltraNav Driver
    ThinkVantage Communications Utility
    ThinkVantage System für aktiven Festplattenschutz
    Toolbox
    TrayApp
    Unfriend Checker
    Uniblue DriverScanner
    Update für Microsoft Office Excel 2007 Help (KB963678)
    Update für Microsoft Office Outlook 2007 Help (KB963677)
    Update für Microsoft Office Powerpoint 2007 Help (KB963669)
    Update für Microsoft Office Word 2007 Help (KB963665)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    VIP Access
    Wajam
    WebReg
    Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
    Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
    Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalerie
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX control for remote connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Axis
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo 1.12.02
    ZD Manager
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-04 19:44:56
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.GH2Z 465,76GB
    Running: 9o8knkni.exe; Driver: C:\Users\FRANCI~1\AppData\Local\Temp\kwtoruod.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2684] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x76b168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x76b0e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xf2ae28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xf2ae68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xf2ada8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xf2ad28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xf2af28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xf2af68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xf2aee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xf2aea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xf2ac68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xf2aca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xf2ac28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xf2ade8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xf2ad68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xf2ace8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xfbae28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xfbae68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xfbada8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xfbad28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xfbaf28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xfbaf68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xfbaee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xfbaea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xfbac68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xfbaca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xfbac28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xfbade8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xfbad68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xfbace8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x610228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x610268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x6101a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x610128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x610328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x610368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x6102e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x6102a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x610068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x6100a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x610028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x6101e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x610168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x6100e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x713628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x713668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x7135a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x713528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x713728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x713768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x7136e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x7136a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x713468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x7134a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x713428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x7135e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x713568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x7134e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x886228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x886268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x8861a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x886128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x886328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x886368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x8862e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x8862a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x886068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x8860a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x886028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x8861e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x886168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x8860e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xadea28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xadea68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xade9a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xade928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xadeb28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xadeb68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xadeae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xadeaa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xade868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xade8a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xade828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xade9e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xade968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xade8e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x6a5a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x6a5a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x6a59a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x6a5928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x6a5b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x6a5b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x6a5ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x6a5aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x6a5868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x6a58a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x6a5828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x6a59e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x6a5968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x6a58e8; JMP RDX}
    .text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[9172] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766387b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[10648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077a1f99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077a1fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077a1fa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077a1fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077a1fb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077a1fbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077a1fc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077a1fc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077a1fc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077a1fc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077a1fcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077a1fd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077a1fd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077a1fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077a1fdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077a1fe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077a1ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077a1ff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077a200a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077a20781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077a2078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077a20ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077a21007 1 byte [90]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    ? C:\Windows\system32\mssprxy.dll [6008] entry point in ".rdata" section 00000000739f71e6
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe6a4ed0 9 bytes [68, 78, 03, A4, 02, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc265c54 7 bytes [68, 08, 03, A4, 02, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc265c64 9 bytes [68, 40, 03, A4, 02, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe5b17a0 9 bytes [68, B0, 03, A4, 02, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 000000007783f548 7 bytes JMP 00000001030408b8
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 000000007784b0ac 7 bytes JMP 00000001030408f0
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\kernel32.dll!CreateThread 00000000772b6580 9 bytes JMP 0000000103040810
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff8475f0 7 bytes [68, 28, 09, 04, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefe641180 10 bytes [68, 08, 0A, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefe641320 7 bytes [68, 98, 09, 04, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefe644450 6 bytes [68, 60, 09, 04, 03, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefe646720 10 bytes [68, D0, 09, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe6a4ed0 9 bytes [68, 78, 03, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc265c54 7 bytes [68, 08, 03, 04, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc265c64 9 bytes [68, 40, 03, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PrintDlgW 000007fefe5b1164 9 bytes [68, A8, 05, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe5b17a0 9 bytes [68, B0, 03, 04, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PrintDlgA 000007fefe5e0240 6 bytes [68, E0, 05, 04, 03, C3]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
    .text ... * 9
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
    .text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
    ---- Threads - GMER 2.0 ----
    Thread C:\Windows\System32\svchost.exe [696:10980] 000007feec393efc
    Thread C:\Windows\System32\svchost.exe [696:11080] 000007feec4a8a4c
    Thread C:\Windows\System32\svchost.exe [2988:12492] 000007fee8da9688
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d434429fa
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 1826
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d434429fa (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- EOF - GMER 2.0 ----
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Please download AdwCleaner from here to your desktop

    Run AdwCleaner and select "Search" (do not select "Delete" at this time)

    Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
     
  4. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    # AdwCleaner v2.111 - Datei am 08/02/2013 um 19:26:50 erstellt
    # Aktualisiert am 05/02/2013 von Xplode
    # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
    # Benutzer : francisca - FRANCISCA-THINK
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\AdwCleaner.exe
    # Option [Suche]

    **** [Dienste] ****
    Gefunden : 24x7HelpSvc
    Gefunden : BrowserProtect
    Gefunden : DefaultTabSearch
    Gefunden : DefaultTabUpdate
    Gefunden : IB Updater
    Gefunden : IBUpdaterService
    Gefunden : WajamUpdater
    ***** [Dateien / Ordner] *****
    Datei Gefunden : C:\END
    Datei Gefunden : C:\user.js
    Datei Gefunden : C:\Users\francisca\AppData\Local\funmoods.crx
    Datei Gefunden : C:\Users\francisca\AppData\Local\funmoods-speeddial_sf.crx
    Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_extensions.sqlite
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_prefs.js
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\search-here.xml
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\Web Search.xml
    Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
    Ordner Gefunden : C:\Program Files (x86)\Common Files\Software Update Utility
    Ordner Gefunden : C:\Program Files (x86)\DealPly
    Ordner Gefunden : C:\Program Files (x86)\DefaultTab
    Ordner Gefunden : C:\Program Files (x86)\Funmoods
    Ordner Gefunden : C:\Program Files (x86)\incredibar.com
    Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
    Ordner Gefunden : C:\Program Files (x86)\Perion
    Ordner Gefunden : C:\Program Files (x86)\Playbryte
    Ordner Gefunden : C:\Program Files (x86)\PricePeep
    Ordner Gefunden : C:\Program Files (x86)\Wajam
    Ordner Gefunden : C:\Program Files (x86)\Yontoo
    Ordner Gefunden : C:\Program Files\IB Updater
    Ordner Gefunden : C:\ProgramData\Babylon
    Ordner Gefunden : C:\ProgramData\BrowserProtect
    Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
    Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    Ordner Gefunden : C:\ProgramData\Partner
    Ordner Gefunden : C:\ProgramData\Tarma Installer
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
    Schlüssel Gefunden : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Schlüssel Gefunden : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
    Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
    Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48B8-9D63-80849FE137CB}]
    Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
    Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    ***** [Internet Browser] *****
    -\\ Internet Explorer v9.0.8112.16457
    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
    -\\ Mozilla Firefox v18.0.1 (en-US)
    Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
    Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Gefunden : user_pref("browser.search.selectedEngine", "Web Search");
    Gefunden : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTech[...]
    Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...]
    -\\ Google Chrome v24.0.1312.57
    Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] Die Datei ist sauber.
    *************************
    AdwCleaner[R1].txt - [44425 octets] - [08/02/2013 19:26:50]
    ########## EOF - C:\AdwCleaner[R1].txt - [44486 octets] ##########
     
  5. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Did you ever try to give me instructions via e-mail? Because if so, I didn't receive any of your mails. :confused:
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    No. We don't assist by e-mail. Everything is done on the boards. But you should receive e-mail notification whenever I reply here so you know to come back and do the next tasks.

    Now, please run AdwCleaner again but this time select the "delete" option and allow the computer to reboot. Then post the resulting log.

    Have you installed Microsoft Security Essentials as your anti-virus program?
     
  7. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Yes, I installed the Anti-virus program. Here's the log:
    # AdwCleaner v2.111 - Datei am 08/02/2013 um 22:29:39 erstellt
    # Aktualisiert am 05/02/2013 von Xplode
    # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
    # Benutzer : francisca - FRANCISCA-THINK
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD2AA1H6\AdwCleaner.exe
    # Option [Löschen]

    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505558}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elnbpjcckofijioeebipepekepoceodh
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED3AFF8A-40E2-4091-84DF-9F8E7E846ADF}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8573EB3-CB99-4FF1-B16F-6CEFD935FE52}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
    Schlüssel Gelöscht : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
    Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
    Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    ***** [Internet Browser] *****
    -\\ Internet Explorer v9.0.8112.16457
    Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp --> hxxp://www.google.com
    Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
    Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
    Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
    -\\ Mozilla Firefox v18.0.1 (en-US)
    Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
    C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\user.js ... Gelöscht !
    Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Gelöscht : user_pref("CT3284023.autoDisableScopes", -1);
    Gelöscht : user_pref("CT3284023.UserID", "UN41815829461741225");
    Gelöscht : user_pref("ct3284023.UserID", "UN41815829461741225");
    Gelöscht : user_pref("CT3284023.installDate", "8/2/2013 19:50:06");
    Gelöscht : user_pref("CT3284023.autoDisableScopes", 10);
    Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTec[...]
    Gelöscht : user_pref("CT3284023.smartbar.homepage", "true");
    Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3284023&SearchSource=13&CUI[...]
    Gelöscht : user_pref("CT3284023.startPageXPETakeover", "true");
    Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3284023&SearchSource=13[...]
    Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&Sea[...]
    Gelöscht : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
    Gelöscht : user_pref("browser.search.selectedEngine", "VisualBee V.1 Customized Web Search");
    Gelöscht : user_pref("CT3284023.browser.search.defaultthis.engineName", "true");
    Gelöscht : user_pref("CT3284023.defaultSearchXPETakeover", "true");
    Gelöscht : user_pref("smartbar.originalSearchEngine", "Web Search");
    Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=[...]
    Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snap.do/?publisher=VertiTechnology&d[...]
    Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&SearchSource=2&CU[...]
    Gelöscht : user_pref("CT3284023.keyword", "true");
    Gelöscht : user_pref("CT3284023.addressUrlXPETakeover", "true");
    Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    -\\ Google Chrome v24.0.1312.57
    Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] Die Datei ist sauber.
    *************************
    AdwCleaner[R1].txt - [44418 octets] - [08/02/2013 19:26:50]
    AdwCleaner[S1].txt - [50807 octets] - [08/02/2013 22:29:39]
    ########## EOF - C:\AdwCleaner[S1].txt - [50868 octets] ##########
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Great. You're doing very well so let's continue.

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  9. sweety_pie

    sweety_pie Thread Starter

    When I try to run ComboFix it first shuts my whole computer down and when it is done and I can copy the log, none of my programs work and I have to shut my whole system down again before my internet works. What should I do if I can't give you the log? :confused:
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Did ComboFix actually run? If so the log should be at:

    C:\combofix.txt
     
  11. sweety_pie

    sweety_pie Thread Starter

    This file is not on my desktop, so probably it didn't actually run... :(
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    The program should be on your desktop but the log file would not be on the desktop. It would be in the root drive C.

    Let's do something else instead though.

    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  13. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Here are the logs you asked for: :)

    OTL:

    OTL logfile created on: 23.02.2013 16:48:20 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\francisca\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,60 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 49,18% Memory free
    7,20 Gb Paging File | 4,61 Gb Available in Paging File | 64,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450,62 Gb Total Space | 378,55 Gb Free Space | 84,01% Space Free | Partition Type: NTFS
    Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive Q: | 13,67 Gb Total Space | 0,39 Gb Free Space | 2,83% Space Free | Partition Type: NTFS

    Computer Name: FRANCISCA-THINK | User Name: francisca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013.02.23 16:47:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
    PRC - [2013.02.22 16:26:50 | 000,107,520 | ---- | M] () -- C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    PRC - [2013.01.25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013.01.08 21:26:53 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012.12.27 13:39:44 | 000,176,640 | ---- | M] () -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
    PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.12.10 18:01:54 | 000,196,456 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
    PRC - [2012.12.10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2012.12.10 18:01:54 | 000,082,792 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
    PRC - [2012.12.10 18:01:54 | 000,014,696 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
    PRC - [2012.11.29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012.10.30 11:55:30 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    PRC - [2012.10.26 13:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    PRC - [2012.09.19 03:00:48 | 000,383,648 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
    PRC - [2012.09.07 14:04:41 | 000,359,424 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    PRC - [2012.07.25 10:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
    PRC - [2012.05.22 11:21:28 | 000,222,368 | ---- | M] () -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
    PRC - [2012.04.11 16:16:00 | 001,662,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    PRC - [2012.04.11 16:16:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    PRC - [2012.04.10 11:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
    PRC - [2012.04.10 11:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2012.04.10 11:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2012.04.10 11:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
    PRC - [2012.04.09 22:41:56 | 002,542,184 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
    PRC - [2012.04.09 22:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    PRC - [2012.04.04 17:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
    PRC - [2012.03.23 04:49:40 | 001,529,656 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\SimpleTap\SimpleTap.exe
    PRC - [2012.03.06 17:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012.03.06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    PRC - [2012.02.24 04:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    PRC - [2012.02.21 12:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2012.02.21 12:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2012.02.21 12:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2012.02.21 12:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    PRC - [2012.01.25 02:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2012.01.17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    PRC - [2012.01.04 14:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2011.12.29 05:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2011.12.22 14:37:14 | 000,145,224 | ---- | M] (AuthenTec Inc.) -- C:\Programme\AuthenTec TrueSuite\x86\BioMonitor.exe
    PRC - [2011.07.12 02:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
    PRC - [2011.01.06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
    PRC - [2010.03.11 07:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008.01.10 05:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013.02.18 23:45:38 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
    MOD - [2013.02.18 23:11:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
    MOD - [2013.02.18 23:09:50 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
    MOD - [2013.02.18 23:09:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
    MOD - [2013.02.18 23:09:20 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
    MOD - [2013.02.18 23:09:19 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
    MOD - [2013.02.18 23:08:53 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e290208a6d4ea4451ac118f1e0c3b488\Accessibility.ni.dll
    MOD - [2013.02.17 23:55:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013.02.17 23:55:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013.02.17 23:55:37 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013.02.17 23:55:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
    MOD - [2013.02.17 22:26:50 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
    MOD - [2013.01.25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    MOD - [2013.01.25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    MOD - [2013.01.25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
    MOD - [2013.01.25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
    MOD - [2013.01.25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
    MOD - [2013.01.15 12:44:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
    MOD - [2013.01.11 17:18:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013.01.11 07:15:14 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2013.01.11 06:49:26 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
    MOD - [2013.01.11 06:49:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
    MOD - [2013.01.11 06:49:02 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
    MOD - [2013.01.11 06:49:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
    MOD - [2013.01.11 06:48:57 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
    MOD - [2013.01.11 06:48:56 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
    MOD - [2013.01.11 06:48:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
    MOD - [2013.01.11 06:48:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
    MOD - [2013.01.11 06:48:53 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
    MOD - [2013.01.11 06:48:48 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
    MOD - [2012.10.05 05:53:24 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    MOD - [2012.10.05 05:53:23 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    MOD - [2012.10.05 05:53:23 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    MOD - [2012.10.05 05:53:23 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    MOD - [2012.09.07 14:04:41 | 000,359,424 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    MOD - [2012.05.31 20:18:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
    MOD - [2012.05.30 13:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012.05.30 13:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011.12.25 15:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    MOD - [2011.12.22 14:37:18 | 000,823,112 | ---- | M] () -- C:\Programme\AuthenTec TrueSuite\x86\DataManager.dll
    MOD - [2011.10.04 20:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    MOD - [2010.11.20 22:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010.11.20 22:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2010.11.20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010.11.20 22:24:07 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2010.11.20 22:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2010.11.12 18:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2009.07.13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009.06.10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012.02.29 01:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2011.12.28 15:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2010.12.17 03:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2009.07.13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013.02.22 16:26:50 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2013.02.06 20:39:59 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.12.27 13:39:44 | 000,176,640 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe -- (ZDManager Service)
    SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.12.10 18:01:54 | 003,569,512 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
    SRV - [2012.12.10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
    SRV - [2012.12.10 18:01:54 | 000,014,696 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
    SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012.11.23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.10.26 13:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
    SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012.07.25 10:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
    SRV - [2012.05.22 11:21:28 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
    SRV - [2012.04.11 16:16:00 | 001,665,088 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
    SRV - [2012.04.11 16:16:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
    SRV - [2012.04.10 11:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
    SRV - [2012.04.10 11:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV - [2012.04.10 11:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV - [2012.04.09 22:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
    SRV - [2012.03.06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012.03.06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012.03.06 17:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012.03.06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
    SRV - [2012.02.27 06:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R)
    SRV - [2012.02.25 22:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV - [2012.02.25 22:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV - [2012.02.25 22:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2012.02.25 22:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2012.02.21 12:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2012.02.21 12:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2012.02.21 12:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2012.02.09 02:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012.02.02 15:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2012.02.02 07:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
    SRV - [2012.01.17 09:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV - [2012.01.17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
    SRV - [2012.01.09 05:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV - [2011.12.29 05:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2011.12.22 14:36:54 | 000,313,672 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService)
    SRV - [2011.11.09 13:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
    SRV - [2011.07.12 02:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV - [2011.07.12 02:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV - [2011.07.12 02:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV - [2011.01.06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
    SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010.09.22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010.09.21 07:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.03.18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.11 07:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008.01.10 05:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012.04.11 16:16:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2012.04.01 23:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012.03.01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.02.29 01:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2012.02.20 05:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012.02.16 09:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
    DRV:64bit: - [2012.02.14 05:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
    DRV:64bit: - [2012.02.01 15:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012.01.31 00:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2012.01.09 05:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2012.01.09 05:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2012.01.04 14:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012.01.04 14:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012.01.04 14:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2011.12.28 15:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2011.12.28 15:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2011.12.26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2011.12.23 07:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.12.20 10:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011.12.20 10:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011.12.08 16:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.12.08 16:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011.12.07 11:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
    DRV:64bit: - [2011.12.06 06:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011.11.30 04:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011.11.30 04:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011.11.10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011.10.26 21:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
    DRV:64bit: - [2011.08.23 07:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011.05.29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
    DRV:64bit: - [2011.05.13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011.05.13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2011.05.13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011.05.13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2011.05.13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2010.11.20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010.11.20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009.07.13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012.08.02 14:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys -- (X5XSEx_Pr143)
    DRV - [2012.01.30 13:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
    DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
    IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com...b&tb_uuid=20121207214056354&tb_oid=07-12-2012&tb_mrud=07-12-2012
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{48919D28-4FFA-4D66-A705-6097B2CB0634}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{704C639C-C1B1-483F-9C72-E28C8D1D026D}: "URL" = http://www.mysearchresults.com/search?&c=4204&t=11&q={searchTerms}
    IE - HKCU\..\SearchScopes\{A2492ECD-8EA7-4FF4-8B97-C32565F837FE}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{B4C4CA69-F79A-4A50-8C24-B95F89839BB0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: uc%40uc.com:1.0
    FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
    FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.4.0.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 17:00:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] [2013.02.06 20:39:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.08 21:27:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.08 21:27:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.05.31 11:02:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013.02.06 20:39:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 17:00:22 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Unfriend Checker\FF\ [2013.01.18 21:36:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013.02.06 20:39:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins

    [2013.01.20 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\francisca\AppData\Roaming\mozilla\Extensions
    [2013.02.08 22:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\francisca\AppData\Roaming\mozilla\Firefox\Profiles\iwrs8z2w.default\Extensions
    [2013.02.04 11:54:25 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\francisca\AppData\Roaming\mozilla\Firefox\Profiles\iwrs8z2w.default\Extensions\[email protected]
    [2013.02.04 12:01:06 | 000,002,292 | ---- | M] () -- C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\searchplugins\amazon.xml
    [2013.02.06 20:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013.02.06 20:39:55 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\mozilla firefox\extensions\[email protected]
    [2013.01.18 21:36:16 | 000,000,000 | ---D | M] ("Unfriend Checker") -- C:\PROGRAM FILES (X86)\UNFRIEND CHECKER\FF
    [2013.02.06 20:39:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013.01.04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013.01.04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://feed.snap.do/?publisher=Vert...5a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp
    CHR - default_search_provider: Web (Enabled)
    CHR - default_search_provider: search_url = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://feed.snap.do/?publisher=Vert...5a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: TrueSuite (Enabled) = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: SelectionLinks = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\animabehecgmjjbhlbdepknacikjpico\4.1_0\
    CHR - Extension: Unfriend Checker = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiponhbbifajapmbggbgaepiedinifm\1.1_0\
    CHR - Extension: YouTube = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google-Suche = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: VisualBee V.1 = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh\10.14.251.3_0\
    CHR - Extension: Privacy SafeGuard = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
    CHR - Extension: InfoAtoms = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.4.0.0_0\
    CHR - Extension: RealDownloader = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: Amazing Coupons = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
    CHR - Extension: Shopping Sidekick = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.21.51_0\crossrider
    CHR - Extension: Shopping Sidekick = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.21.51_0\
    CHR - Extension: Website Logon = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\
    CHR - Extension: Google Mail = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013.02.10 20:23:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
    O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
    O2 - BHO: (Unfriend Checker) - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll File not found
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (ZD Manager IE Plugin) - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll (ZD Systems)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O2 - BHO: (SelectionLinks) - {491BCA71-06F9-42e1-A72E-76D897607E2B} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
    O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll File not found
    O2 - BHO: (CouponAmazing) - {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll ()
    O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
    O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
    O4 - HKLM..\Run: [PCFixSpeed] C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (Crawler.com)
    O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
    O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
    O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
    O4 - HKLM..\Run: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [ChicaPasswordManager] C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe (ChicaLogic, Inc.)
    O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
    O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
    O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: DhcpNameServer = 192.168.17.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.10.14 03:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2009.09.21 14:58:33 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.02.23 16:47:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
    [2013.02.22 16:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
    [2013.02.22 16:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
    [2013.02.22 16:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
    [2013.02.22 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\player
    [2013.02.22 16:26:53 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\Optimizer Pro
    [2013.02.22 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    [2013.02.22 16:26:47 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\DefaultTab
    [2013.02.22 16:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [2013.02.22 00:14:18 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
    [2013.02.22 00:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
    [2013.02.17 22:21:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013.02.17 22:21:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013.02.17 22:21:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013.02.17 22:21:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013.02.17 22:21:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013.02.17 22:21:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013.02.17 22:21:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013.02.17 22:21:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013.02.17 22:21:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013.02.17 22:21:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013.02.17 22:21:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013.02.17 22:21:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013.02.17 22:21:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013.02.17 22:21:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013.02.17 22:21:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013.02.16 17:44:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013.02.16 17:44:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013.02.16 17:44:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013.02.16 17:44:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013.02.16 17:44:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013.02.16 17:44:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013.02.16 17:35:54 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013.02.16 17:34:09 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013.02.16 17:34:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013.02.16 17:34:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013.02.10 20:23:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013.02.10 17:19:42 | 013,085,120 | ---- | C] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Silverlight_x64.exe
    [2013.02.09 17:33:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013.02.09 17:33:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013.02.09 17:33:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013.02.09 17:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.02.09 17:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013.02.09 17:31:05 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\francisca\Desktop\puppy.exe
    [2013.02.09 17:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    [2013.02.09 17:08:00 | 000,000,000 | ---D | C] -- C:\rei
    [2013.02.09 17:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
    [2013.02.09 16:49:26 | 000,000,000 | --SD | C] -- C:\Users\francisca\Documents\Chica Passwords
    [2013.02.08 22:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChicaLogic
    [2013.02.08 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChicaLogic
    [2013.02.08 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\VisualBeeClient
    [2013.02.08 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\CRE
    [2013.02.08 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\VisualBeeExe
    [2013.02.08 19:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
    [2013.02.08 19:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2013.02.08 19:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013.02.08 19:32:43 | 013,544,936 | ---- | C] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Antivirus scanner.exe
    [2013.02.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
    [2013.02.04 22:33:48 | 000,000,000 | ---D | C] -- C:\Remote Programs
    [2013.02.04 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
    [2013.02.04 22:33:45 | 000,057,824 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
    [2013.02.04 22:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
    [2013.02.04 20:21:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013.02.04 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\Amazon Browser Bar
    [2013.02.04 11:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013.02.04 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
    [2013.02.04 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\NanoService
    [2013.02.04 11:54:18 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\Yahoo!
    [2013.01.29 23:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.02.23 16:47:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
    [2013.02.23 16:46:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.02.23 16:46:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.02.23 16:43:15 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.02.23 16:43:15 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.02.23 16:43:15 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.02.23 16:43:15 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.02.23 16:43:15 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.02.23 16:40:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2013.02.23 16:40:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.02.23 16:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
    [2013.02.23 16:06:56 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.02.23 16:06:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2013.02.23 16:05:42 | 2898,370,560 | -HS- | M] () -- C:\hiberfil.sys
    [2013.02.23 13:07:22 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.02.22 16:27:30 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
    [2013.02.22 16:26:53 | 000,001,156 | RHS- | M] () -- C:\Users\francisca\ntuser.pol
    [2013.02.22 16:26:47 | 000,001,077 | ---- | M] () -- C:\Users\francisca\Desktop\Optimizer Pro.lnk
    [2013.02.22 00:14:18 | 000,000,846 | ---- | M] () -- C:\Users\francisca\Desktop\HDVidCodec.lnk
    [2013.02.17 23:48:21 | 000,370,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013.02.10 20:23:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013.02.10 17:20:38 | 013,085,120 | ---- | M] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Silverlight_x64.exe
    [2013.02.09 17:33:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\francisca\Desktop\puppy.exe
    [2013.02.09 17:24:04 | 000,000,105 | ---- | M] () -- C:\Users\francisca\AppData\Local\ZDManager.ini
    [2013.02.09 17:09:00 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
    [2013.02.08 22:31:30 | 000,000,221 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013.02.08 22:27:27 | 000,001,118 | ---- | M] () -- C:\Users\francisca\Desktop\Flash Player Pro.lnk
    [2013.02.08 22:26:43 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013.02.08 19:38:45 | 013,544,936 | ---- | M] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Antivirus scanner.exe
    [2013.02.04 22:33:49 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
    [2013.02.04 20:38:12 | 451,990,634 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013.02.04 11:56:13 | 629,782,016 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img
    [2013.01.29 23:01:41 | 000,002,057 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.02.22 16:27:30 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
    [2013.02.22 16:26:47 | 000,001,077 | ---- | C] () -- C:\Users\francisca\Desktop\Optimizer Pro.lnk
    [2013.02.22 00:14:18 | 000,000,846 | ---- | C] () -- C:\Users\francisca\Desktop\HDVidCodec.lnk
    [2013.02.09 17:33:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.02.09 17:33:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.02.09 17:33:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.02.09 17:33:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.02.09 17:33:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.02.09 17:08:06 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
    [2013.02.08 22:31:07 | 000,000,221 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013.02.08 19:37:05 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013.02.08 19:37:02 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013.02.04 22:33:49 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2013.02.04 20:21:28 | 451,990,634 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013.01.24 14:24:57 | 000,000,105 | ---- | C] () -- C:\Users\francisca\AppData\Local\ZDManager.ini
    [2012.12.10 13:30:03 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.12.08 22:01:46 | 000,001,156 | RHS- | C] () -- C:\Users\francisca\ntuser.pol
    [2012.10.25 16:57:18 | 000,208,423 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2012.10.25 16:57:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
    [2012.07.13 11:59:50 | 000,001,024 | ---- | C] () -- C:\Users\francisca\AppData\Roaming\AbsoluteReminder.xml
    [2012.07.13 11:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
    [2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
    [2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
    [2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
    [2012.05.31 10:37:42 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012.05.31 10:37:42 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012.05.31 10:37:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012.05.31 10:37:40 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012.05.31 10:37:39 | 013,201,920 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012.02.02 15:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009.07.13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
    < End of report >

    Extras:

    OTL Extras logfile created on: 11.02.2013 21:09:01 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\francisca\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,60 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 34,92% Memory free
    7,20 Gb Paging File | 4,35 Gb Available in Paging File | 60,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450,62 Gb Total Space | 384,71 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
    Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive Q: | 13,67 Gb Total Space | 0,39 Gb Free Space | 2,83% Space Free | Partition Type: NTFS

    Computer Name: FRANCISCA-THINK | User Name: francisca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03945C20-C615-4C12-A356-8247EAB720FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0D5BB194-1B93-482D-B949-B15909617788}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{17932B13-9ACE-4C77-8355-EF389AE38965}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1F705EC5-B597-4843-B7F9-1F122B9F5545}" = lport=137 | protocol=17 | dir=in | app=system |
    "{21D5C20C-97C3-4D3A-8C6C-FFA0B1785037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{22478AC2-E9ED-442B-8BFB-99C57D301DFB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2AF588B9-22D0-4F88-A252-F6705B335998}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3794B49C-795B-4747-9AE9-AF2B0B9332BF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{38482DF0-BB89-4199-B3C2-113975F66ACC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{39179CF7-4E1F-4EC1-81DE-0BE93EF42ACC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{39D6C28C-F851-4D28-B66D-8EAA873D1C4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{40C857AD-50DB-4A68-A190-8327EFA3A8F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{43849666-3512-47BA-981F-3FC4C4CE4621}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4F526F8D-5CEC-44AE-BF2A-3D24BCB10A4F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{58AC8081-E7C6-4C8A-8F86-2FC5DC780F6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97E823BB-F564-4834-AB63-E8C032FC28A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{98BF637D-9E9C-485F-8D28-1763761869DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A1C76092-85E2-4B8F-890E-E3A064C24E4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B44DAC0A-162A-43B6-A90C-BB0999816557}" = rport=138 | protocol=17 | dir=out | app=system |
    "{CB4EE116-011C-494E-BCC9-3BD613D5FBE1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D976218F-6C9C-4621-A0EE-927315256B33}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{E44D56ED-7669-4AAE-8234-C26912DF83A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F511076B-0919-49F9-A384-5309DAC638B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FB96E991-86BE-4566-AE67-E64B044039E9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FFAD57DA-673B-4B13-B04C-EB52C6D57F6F}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A68A5E1-1E15-4A9B-8439-E0EE7F0233C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{0ADA1501-3398-42B8-AD02-110E4AEC2419}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{11BD71B7-272B-422E-A3C5-F8632016F0F8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{1752D226-3D8D-47D7-94B8-D7C0F7F168E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{17D68E93-4EA3-4A07-89B3-D3599A837816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{18A72B25-9B35-4CAE-9136-E085B0564551}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{21CA5AEA-9D40-4176-9F48-A3009273FB28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{2D5FC66E-E51B-4DE3-9731-7036565DA2EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2E5F3152-459E-4175-9F41-D410CB7F8B15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{31CFB03D-0636-488F-9FF1-685E33FC1981}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39D7A044-934D-4896-A774-FB9E4DC06AAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3BDB0CF5-0789-40B1-B8EC-9A9EF43619A8}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{3D2446B7-C294-42D9-B85B-9F933B94DDD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{3EDD4389-4271-4889-B6A1-46C45B5C5736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{454ABA0E-05BB-4970-A188-B5AF5FD839E2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{49C9CEFA-2690-4219-87ED-2940512B150C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{6203A2DB-CF83-4D22-B896-2D1A28B8385A}" = protocol=6 | dir=out | app=system |
    "{65D0FB6A-943E-4B48-AA34-C6C5D35B7A66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{6DE90227-92FE-491D-B2B9-41E5EE46FEAE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{72CA0DAE-5D96-4AC9-81C0-40E94A8C9386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{80BB47A1-6525-48C0-9B0C-90E912CA066D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{872C83AC-2305-4CCD-82A6-F5861613A678}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{88380F63-4AF6-4587-9C99-BFC318FB812C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{88DCDFAD-35F7-4151-A3D9-5A63E4205991}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{89829672-BACE-4C83-A8DF-EE6DF66496F1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{916D3069-AC9F-4A89-98B2-B3C5E2753182}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{979233BB-D771-4B25-BB3E-8F3B86D98F6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{9870FD69-87C8-4119-9EC3-6BB4BC39D243}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9B8A21B4-ADBF-43AF-B8DA-3909D43FF54E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9CC75AB9-90B8-4868-BBEB-75A8E8D2B701}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{A6DA81CD-F105-4DAE-813C-1CA8D392F170}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ADCD1EF8-88AE-47DE-AFCE-58F161D74DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AE0FC136-802A-441E-978C-36F52CA16B47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{B790FB5C-C82F-4C2E-9362-05E4D0964782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C55F1C78-938D-4B91-A4E6-81018528C440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C891600C-D55A-4D33-8C64-E490A7A10AE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{C9690F2D-A05A-466F-AFFB-8C9B4DCA31CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{CB055463-0743-43C2-A71F-F40D211D7F60}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{CDA6D25E-DA36-4266-8C5C-C7578CD2430B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D6297443-4D1C-40FA-83D8-B146E157E75C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D8ECC80D-B22B-4301-934A-454CC812C984}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{DA359AAB-58B5-4C8D-81FF-233CDCFA9C24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DAE60680-30C3-4AC9-98FE-BEEDA56553C0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{DE607943-675A-4D53-B5C7-10F77859C11E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E1139A92-12D9-4CCC-B7B5-8779FEF0A9E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E72A7317-E945-434B-9B51-557384400B8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{EB30C319-11BF-400D-907D-7EBA2E24A6F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EBE74416-1CBE-4CA5-BD73-1983EB313A98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{F175305D-4D08-476C-9D40-78ABDDF4DA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F89701B3-7A40-4DEA-B77E-920F3B28A596}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{FA83E1FF-8453-4B24-B71B-FD6F3A94AD2E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{FAB97294-ECC4-490D-9C55-336A338B74D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{FD1AC680-04E8-4117-B8D0-457065249A46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FED4C52E-927C-4856-A9F9-4B208040B502}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{7DF0D0DF-8996-4F8D-A8ED-A471773FAF8F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "TCP Query User{9CDCA28C-5CEE-4D72-AFBA-DD63B4B10D50}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{09188941-C100-418D-A084-A00E65215F4C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{3A6D3CF9-2BD2-42D8-8C33-627F87FEB84B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{792920BD-8D8D-4868-AE2F-16F4B05D3AE9}" = Lenovo Solution Center
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software
    "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
    "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DF8F4026-E6DC-474C-90D2-BCE9888786F8}" = AuthenTec TrueSuite
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
    "{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
    "76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
    "OnScreenDisplay" = Anzeige am Bildschirm
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "Reimage Repair" = Reimage Repair
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = ThinkPad UltraNav Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
    "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
    "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73043E19-0155-49C0-ACB4-8138D25007B4}" = Snap.Do
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.16
    "{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
    "{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.24
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Browser Bar" = Amazon Browser Bar
    "AOL Toolbar" = AOL Toolbar
    "Chica Password Manager 2.0_is1" = Chica Password Manager 2.0 2.0.0.8
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "couponamazing" = couponamazing
    "exent_532150" = Heroes of Hellas
    "exent_554750" = Cradle of Rome
    "exent_586350" = 7 Wonders II
    "exent_683150" = Time Riddles: The Mansion
    "Fastboot" = RapidBoot HDD Accelerator
    "Flash Player Pro_is1" = Flash Player Pro V5.4
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "InfoAtoms" = InfoAtoms
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Optimizer Pro_is1" = Optimizer Pro v3.0
    "Origin" = Origin
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 16.0" = RealPlayer
    "Sendori" = Sendori
    "Shopping Sidekick" = Shopping Sidekick
    "sl-adk" = SelectionLinks
    "SMPlayer" = SMPlayer 0.6.9
    "SugarSync" = SugarSync Manager
    "The Weather Channel App" = The Weather Channel App
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "[email protected]" = Unfriend Checker
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! NanoClient" = Yahoo! Axis
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZDManager" = ZD Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{cf0efec8-c035-4b57-9080-ba9758291d99}" = Snap.Do Engine
    "AOL Toolbar" = AOL Toolbar
    "Mozilla Firefox Packages" = Mozilla Firefox Packages
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11.01.2013 08:07:09 | Computer Name = francisca-THINK | Source = SideBySide | ID = 16842785
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
    Die
    abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
    konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
    "sxstrace.exe".

    Error - 11.01.2013 08:14:22 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
    Description =

    Error - 11.01.2013 18:15:31 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
    Description =

    Error - 11.01.2013 18:17:15 | Computer Name = francisca-THINK | Source = Application Hang | ID = 1002
    Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
    Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
    in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
    zu suchen. Prozess-ID: 17e4 Startzeit: 01cdf0493e725361 Endzeit: 16 Anwendungspfad:
    C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

    Error - 11.01.2013 18:27:24 | Computer Name = francisca-THINK | Source = MsiInstaller | ID = 1002
    Description =

    Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11528

    Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11528

    Error - 12.01.2013 13:08:12 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
    Description =

    Error - 12.01.2013 13:22:08 | Computer Name = francisca-THINK | Source = MsiInstaller | ID = 1002
    Description =

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 23.09.2012 16:45:33 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
    -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
    gefunden.

    Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
    Der Vorgang wurde erfolgreich beendet

    [ System Events ]
    Error - 17.12.2012 19:00:32 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst LENOVO.CAMMUTE erreicht.

    Error - 18.12.2012 20:57:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst LENOVO.CAMMUTE erreicht.

    Error - 18.12.2012 20:57:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst AeLookupSvc erreicht.

    Error - 19.12.2012 23:50:21 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst LENOVO.CAMMUTE erreicht.

    Error - 21.12.2012 19:09:36 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7034
    Description = Dienst "Bluetooth Media Service" wurde unerwartet beendet. Dies ist
    bereits 1 Mal passiert.

    Error - 23.12.2012 17:25:59 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7034
    Description = Dienst "Bluetooth Media Service" wurde unerwartet beendet. Dies ist
    bereits 1 Mal passiert.

    Error - 23.12.2012 19:20:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7031
    Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
    bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
    durchgeführt: Neustart des Diensts.

    Error - 23.12.2012 19:21:09 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7031
    Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
    bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
    durchgeführt: Neustart des Diensts.

    Error - 23.12.2012 19:22:09 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7032
    Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
    des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
    ist fehlgeschlagen. Fehler: %%1056

    Error - 08.01.2013 21:46:03 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst LENOVO.CAMMUTE erreicht.


    < End of report >
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  15. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Here's the JRT log: :)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.5 (02.18.2013:1)
    OS: Windows 7 Professional x64
    Ran by francisca on 24.02.2013 at 13:54:32,37
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services
    Successfully stopped: [Service] defaulttabupdate
    Successfully deleted: [Service] defaulttabupdate

    ~~~ Registry Values
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\pcfixspeed
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
    Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
    Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088704973-2131027104-1757421381-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088704973-2131027104-1757421381-1000\software\microsoft\internet explorer\searchurl\\Default
    Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?
    Val Name Type Value Data
    ======== ==== ==========
    BTMTrayAgent REG_SZ rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp


    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
    Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar
    Successfully deleted: [Registry Key] hkey_current_user\software\default tab
    Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
    Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
    Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
    Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{103089da-0f31-4a8b-843f-7d24a7fe8345}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{103089da-0f31-4a8b-843f-7d24a7fe8345}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{1036ad63-aeac-460b-9060-c96005d4dc86}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
    Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
    Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
    Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
    Successfully deleted: [Folder] "C:\ProgramData\visualbee"
    Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\defaulttab"
    Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\optimizer pro"
    Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\pcfixspeed"
    Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\aol toolbar"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\couponamazing"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\stronghold_llc"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\strongvault"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\strongvault online backup"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\visualbeeclient"
    Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\visualbeeexe"
    Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"
    Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
    Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"
    Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\strongvault online backup"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

    ~~~ FireFox
    Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
    Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\mozilla\firefox\extensions\\[email protected]
    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
    Successfully deleted the following from C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\prefs.js
    user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
    Emptied folder: C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\minidumps [5 files]

    ~~~ Chrome
    Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
    Successfully deleted: [Folder] C:\Users\francisca\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24.02.2013 at 13:57:58,51
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

Short URL to this thread: https://techguy.org/1088221
