Virus in the home network

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
I´m getting huge amounts of advertisements poping up. They´re driving me nuts. My host dad wanted me to have my computer checked, because he had a nasty virus. Can you help? Below are the files you requested: :confused:

I have a Lenovo Thinkpad edge with Windows 7.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:51, on 04.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Users\francisca\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ad...AyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
O2 - BHO: Unfriend Checker - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
O2 - BHO: CrossriderApp0005058 - {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll
O2 - BHO: ZD Manager IE Plugin - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (file missing)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
O2 - BHO: CouponAmazing - {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe startup
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
O4 - Global Startup: StrongVaultApp.exe
O4 - Global Startup: StrongVaultApp.exe.lnk = francisca\AppData\Local\StrongVault\StrongVaultApp.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Small Business Advantage - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service for AMZN - Unknown owner - C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Yahoo! NanoClient Service (YNanoService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
O23 - Service: ZDManager Service - Unknown owner - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 27246 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by francisca at 19:38:59 on 2013-02-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1400 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\24x7Help\App24x7Hook.exe
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
C:\Windows\SysWOW64\schtasks.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla FireFox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla FireFox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
C:\Users\francisca\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Shopping Sidekick: {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll
BHO: ZD Manager IE Plugin: {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: CouponAmazing: {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
uRun: [Browser Infrastructure Helper] C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe startup
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Windows\System32\Sendori.dll
TCP: NameServer = 192.168.17.1
TCP: Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8} : NameServer = 216.146.35.240,216.146.36.240,192.168.17.1
TCP: Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8} : DHCPNameServer = 192.168.17.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110801&tt=0313_3&babsrc=HP_ss&mntrId=54023b68000000000000b888e32f6238
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-08 21:44; [email protected]; C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]
FF - ExtSQL: 2013-01-18 21:35; {336D0C35-8A85-403a-B9D2-65C292C39087}; C:\Program Files\IB Updater\Firefox
FF - ExtSQL: 2013-01-18 21:36; [email protected]; C:\Program Files (x86)\Unfriend Checker\FF
FF - ExtSQL: 2013-01-20 21:08; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; [email protected]; C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-5-31 70416]
R0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-31 16152]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-1-30 33344]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-12-8 394392]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-1-20 2550224]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-5-31 198784]
R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-24 107520]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-5-31 169776]
R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-18 188760]
R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-1-18 1261936]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-31 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-31 163608]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-5-31 58192]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-27 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-5-31 61264]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-5-31 175440]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-27 133992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-27 145256]
R2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-27 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-31 363800]
R2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-5-22 222368]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-9 84080]
R2 YNanoService;Yahoo! NanoClient Service;C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-7-25 157016]
R2 ZDManager Service;ZDManager Service;C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-25 2669840]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-5-31 216064]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-31 331264]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-31 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-31 786200]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-5-31 1662528]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-5-31 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-31 565352]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-5-31 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-2-2 145472]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-5-31 49376]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-25 273168]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-5-31 1665088]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-04 16:54:38 -------- d-----w- C:\Users\francisca\AppData\Local\Amazon Browser Bar
2013-02-04 16:54:26 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
2013-02-04 16:54:19 -------- d-----w- C:\Users\francisca\AppData\Local\NanoService
2013-02-04 16:54:18 -------- d-----w- C:\Users\francisca\AppData\Local\Yahoo!
2013-02-04 16:54:13 -------- d--h--w- C:\Windows\msdownld.tmp
2013-02-03 18:33:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BEB19B4-33E8-4776-AC21-0590480FEF21}\offreg.dll
2013-02-02 02:12:11 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BEB19B4-33E8-4776-AC21-0590480FEF21}\mpengine.dll
2013-01-24 19:30:21 -------- d-----w- C:\Users\francisca\AppData\Roaming\Optimizer Pro
2013-01-24 19:25:13 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-01-24 19:24:57 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-01-24 19:24:53 -------- d-----w- C:\Users\francisca\AppData\Roaming\DefaultTab
2013-01-24 19:24:43 -------- d-----w- C:\ProgramData\ZDManagerService
2013-01-24 19:24:42 -------- d-----w- C:\Program Files (x86)\ZD Systems
2013-01-24 19:24:33 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-01-24 19:24:29 -------- d-----w- C:\ProgramData\Tarma Installer
2013-01-22 01:33:10 -------- d-----w- C:\Users\francisca\AppData\Local\Macromedia
2013-01-22 01:26:41 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-01-22 01:26:39 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-01-21 02:25:31 1700864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM9.dll
2013-01-21 02:25:31 1700864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM8.dll
2013-01-21 02:25:30 1702912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM6.dll
2013-01-21 02:25:30 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM7.dll
2013-01-21 02:25:29 1702912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM5.dll
2013-01-21 02:25:29 1702400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM4.dll
2013-01-21 02:25:29 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM11.dll
2013-01-21 02:25:29 1701376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\[email protected]\components\FFXPCOM10.dll
2013-01-21 02:10:00 -------- d-----w- C:\Users\francisca\AppData\Local\Mozilla
2013-01-21 02:08:59 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-01-21 02:08:59 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-01-21 02:08:56 -------- d-----w- C:\Users\francisca\AppData\Roaming\BabSolution
2013-01-21 02:08:53 -------- d-----w- C:\ProgramData\BrowserProtect
2013-01-21 02:08:49 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2013-01-21 02:08:35 -------- d-----w- C:\Program Files (x86)\PricePeep
2013-01-21 02:08:27 -------- d-----w- C:\Users\francisca\AppData\Roaming\Babylon
2013-01-21 02:08:27 -------- d-----w- C:\ProgramData\Babylon
2013-01-21 01:47:09 -------- d-----w- C:\ProgramData\Uniblue
2013-01-19 02:41:36 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
2013-01-19 02:37:29 -------- d-----w- C:\Users\francisca\AppData\Roaming\Uniblue
2013-01-19 02:37:26 -------- d-----w- C:\Program Files (x86)\Uniblue
2013-01-19 02:36:30 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-01-19 02:36:27 -------- d-----w- C:\ProgramData\Sendori
2013-01-19 02:36:25 -------- d-----w- C:\Program Files (x86)\Sendori
2013-01-19 02:36:16 -------- d-----w- C:\Program Files (x86)\Unfriend Checker
2013-01-19 02:36:02 -------- d-----w- C:\Program Files (x86)\Perion
2013-01-19 02:35:57 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2013-01-19 02:35:49 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-01-19 02:35:49 1261936 ----a-w- C:\Windows\System32\dmwu.exe
2013-01-19 02:35:49 -------- d-----w- C:\Windows\SysWow64\WNLT
2013-01-19 02:35:49 -------- d-----w- C:\Windows\System32\ARFC
2013-01-19 02:35:47 -------- d-----w- C:\Program Files\IB Updater
2013-01-10 23:26:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 02:27:41 -------- d-----w- C:\Users\francisca\AppData\Roaming\RealNetworks
2013-01-09 02:27:34 -------- d-----w- C:\Users\francisca\AppData\Local\Real
2013-01-09 02:27:18 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-01-09 02:27:15 -------- d-----w- C:\ProgramData\RealNetworks
2013-01-09 02:27:05 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-01-09 02:26:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-01-09 02:26:52 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-01-09 02:24:20 -------- d-----w- C:\Users\francisca\AppData\Local\couponamazing
2013-01-09 02:23:47 -------- d-----w- C:\Users\francisca\AppData\Local\Smartbar
.
==================== Find3M ====================
.
2013-01-22 01:26:36 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-22 01:26:36 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 19:39:15,04 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13.07.2012 12:59:05
System Uptime: 04.02.2013 18:44:46 (1 hours ago)
.
Motherboard: LENOVO | | 325979G
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU Socket - U3E1 | 2185/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 385,157 GiB free.
D: is CDROM (UDF)
Q: is FIXED (NTFS) - 14 GiB total, 0,386 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
24x7 Help
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) MUI
Amazon Browser Bar
Anzeige am Bildschirm
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec TrueSuite
Babylon Chrome Toolbar
Babylon toolbar
blinkx beat
Bonjour
BrowserProtect
BufferChm
Burn.Now 4.5
C4700
Conexant HD Audio
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Coupon Printer for Windows
couponamazing
Create Recovery Media
D3DX10
DefaultTab
Destinations
DeviceDiscovery
Die Sims™ 3
Die Sims™ 3 Reiseabenteuer
Direct DiscRecorder
DisplayLink Core Software
Download Updater (AOL Inc.)
Energie-Manager
Evernote v. 4.2.3
Flash Player Pro V5.4
Funmoods
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
IB Updater 2.0.0.530
IB Updater Service
Incredibar Toolbar on IE
InfoAtoms
Integrated Camera Driver Installer Package Ver.1.2.1.16
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Update Manager
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software
Intel® Trusted Connect Service Client
iTunes
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo Graphics Software
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Registration
Lenovo SimpleTap
Lenovo Solution Center
Lenovo Solutions for Small Business
Lenovo Solutions for Small Business Customizations
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Firefox Packages
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Optimizer Pro v3.0
Origin
PC Fix Speed 1.2.0.24
PlayBryte
PricePeep
Privacy SafeGuard version 1.1
PS_AIO_06_C4700_SW_Min
QuickTransfer
RapidBoot
RapidBoot HDD Accelerator
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sendori
Shop for HP Supplies
Shopping Sidekick
Skype™ 6.0
SmartWebPrinting
SMPlayer 0.6.9
Snap.Do
Snap.Do Engine
SolutionCenter
Status
Strongvault Online Backup
SugarSync Manager
The Weather Channel App
The Weather Channel Desktop 6
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Communications Utility
ThinkVantage System für aktiven Festplattenschutz
Toolbox
TrayApp
Unfriend Checker
Uniblue DriverScanner
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
VIP Access
Wajam
WebReg
Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Axis
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.12.02
ZD Manager
.
==== End Of File ===========================

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-04 19:44:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.GH2Z 465,76GB
Running: 9o8knkni.exe; Driver: C:\Users\FRANCI~1\AppData\Local\Temp\kwtoruod.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2684] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\sndappv2.exe[3068] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000717811a8 2 bytes [78, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007178127d 2 bytes [78, 71]
.text ... * 6
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000717813a8 2 bytes [78, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071781422 2 bytes [78, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071781498 2 bytes [78, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000069fe1825 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000069fe1830 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000069fe183b 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000069fe1846 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000069fe1851 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000069fe185c 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000069fe1867 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000069fe1872 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000069fe187d 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000069fe1888 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000069fe1893 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000069fe189e 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000069fe18a9 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000069fe18b4 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000069fe18bf 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000069fe18ca 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000069fe18d5 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000069fe18e0 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000069fe18eb 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000069fe18f6 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000069fe1901 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000069fe190c 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000069fe1917 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000069fe1922 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000069fe192d 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000069fe1938 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000069fe1943 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000069fe194e 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000069fe1959 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000069fe1964 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000069fe196f 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000069fe197a 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000069fe1985 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000069fe1990 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000069fe199b 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000069fe19a6 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000069fe19b1 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000069fe19bc 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000069fe19c7 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000069fe19d2 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000069fe19dd 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000069fe19e8 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000069fe19f3 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000069fe19fe 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000069fe1a09 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000069fe1a14 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000069fe1a1f 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000069fe1a2a 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000069fe1a35 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000069fe1a40 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000069fe1a4b 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000069fe1a56 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000069fe1a61 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000069fe1a6c 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000069fe1a77 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000069fe1a82 2 bytes [FE, 69]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5100] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000069fe1ab2 2 bytes [FE, 69]
.text C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe[4480] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Users\francisca\AppData\Local\Smartbar\Application\SnapDo.exe[4496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe[3944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\StrongVault\StrongVaultApp.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe[5208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5272] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[7096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[4400] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x7cba28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x7cba68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x7cb9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x7cb928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x7cbb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x7cbb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x7cbae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x7cbaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x7cb868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x7cb8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x7cb828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x7cb9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x7cb968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7680] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x7cb8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x46d628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x46d668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x46d5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x46d528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x46d728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x46d768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x46d6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x46d6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x46d468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x46d4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x46d428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x46d5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x46d568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7704] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x46d4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xaeee28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xaeee68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xaeeda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xaeed28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xaeef28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xaeef68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xaeeee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xaeeea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xaeec68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xaeeca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xaeec28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xaeede8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xaeed68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7724] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xaeece8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x472628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x472668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x4725a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x472528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x472728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x472768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x4726e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x4726a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x472468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x4724a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x472428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x4725e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x472568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x4724e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x2d3628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x2d3668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x2d35a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x2d3528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x2d3728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x2d3768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x2d36e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x2d36a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x2d3468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x2d34a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x2d3428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x2d35e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x2d3568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x2d34e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x46aa28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x46aa68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x46a9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x46a928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x46ab28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x46ab68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x46aae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x46aaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x46a868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x46a8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x46a828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x46a9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x46a968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x46a8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x36ae28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x36ae68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x36ada8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x36ad28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x36af28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x36af68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x36aee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x36aea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x36ac68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x36aca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x36ac28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x36ade8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x36ad68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x36ace8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x76b228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x76b268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x76b1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x76b128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x76b328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x76b368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x76b2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x76b2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x76b068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x76b0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x76b028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x76b1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x76b168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7824] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x76b0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xf2ae28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xf2ae68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xf2ada8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xf2ad28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xf2af28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xf2af68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xf2aee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xf2aea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xf2ac68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xf2aca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xf2ac28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xf2ade8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xf2ad68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7852] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xf2ace8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xfbae28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xfbae68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xfbada8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xfbad28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xfbaf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xfbaf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xfbaee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xfbaea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xfbac68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xfbaca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xfbac28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xfbade8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xfbad68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7868] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xfbace8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x610228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x610268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x6101a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x610128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x610328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x610368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x6102e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x6102a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x610068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x6100a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x610028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x6101e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x610168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7876] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x6100e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x713628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x713668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x7135a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x713528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x713728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x713768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x7136e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x7136a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x713468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x7134a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x713428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x7135e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x713568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7888] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x7134e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x886228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x886268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x8861a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x886128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x886328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x886368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x8862e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x8862a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x886068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x8860a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x886028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x8861e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x886168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x8860e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0xadea28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0xadea68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0xade9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0xade928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0xadeb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0xadeb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0xadeae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0xadeaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0xade868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0xade8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0xade828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0xade9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0xade968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7912] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0xade8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 7 bytes {MOV EDX, 0x6a5a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 7 bytes {MOV EDX, 0x6a5a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 7 bytes {MOV EDX, 0x6a59a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 7 bytes {MOV EDX, 0x6a5928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 7 bytes {MOV EDX, 0x6a5b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 7 bytes {MOV EDX, 0x6a5b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 7 bytes {MOV EDX, 0x6a5ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 7 bytes {MOV EDX, 0x6a5aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 7 bytes {MOV EDX, 0x6a5868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 7 bytes {MOV EDX, 0x6a58a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 7 bytes {MOV EDX, 0x6a5828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 7 bytes {MOV EDX, 0x6a59e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 7 bytes {MOV EDX, 0x6a5968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 7 bytes {MOV EDX, 0x6a58e8; JMP RDX}
.text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[9172] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766387b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[10648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a1f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077a1f99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077a1fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077a1fa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077a1fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077a1fb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a1fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077a1fbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a1fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077a1fc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a1fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077a1fc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a1fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077a1fc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a1fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077a1fc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a1fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077a1fcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a1fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077a1fd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a1fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077a1fd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077a1fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077a1fdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a1fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077a1fe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077a1ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077a1ff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a20099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077a200a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077a20781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077a2078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077a20ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077a21007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077a2105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077a21067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a210a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077a210af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a2111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077a21127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a21321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077a2132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007663103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076631072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000076cd119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000076cd11cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076b64de0 5 bytes JMP 00000001001203b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076b64f70 5 bytes JMP 00000001001205f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076b651a2 5 bytes JMP 00000001001208f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076b6522d 5 bytes JMP 0000000100120a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076b65689 5 bytes JMP 00000001001201b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b658b3 5 bytes JMP 0000000100120170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076b66bad 5 bytes JMP 0000000100120370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076b66e05 5 bytes JMP 0000000100120570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076b66ead 5 bytes JMP 0000000100120530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076b67180 5 bytes JMP 00000001001206b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076b67435 5 bytes JMP 0000000100120770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b67bcc 5 bytes JMP 00000001001200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076b67dc4 5 bytes JMP 00000001001203f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076b67fd5 5 bytes JMP 0000000100120d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076b682b2 5 bytes JMP 0000000100120e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076b68401 5 bytes JMP 00000001001209f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000076b6879f 5 bytes JMP 00000001001202f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076b68916 5 bytes JMP 00000001001205b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076b68b7a 5 bytes JMP 0000000100120970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076b68ee6 5 bytes JMP 0000000100120470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076b69875 5 bytes JMP 0000000100120c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076b69936 5 bytes JMP 0000000100120d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000076b6a53a 5 bytes JMP 00000001001209b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076b6af9f 5 bytes JMP 0000000100120330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!LineTo 0000000076b6b9e5 5 bytes JMP 0000000100120430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000076b6bd55 5 bytes JMP 0000000100120db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000076b6c040 5 bytes JMP 0000000100120130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000076b6c107 5 bytes JMP 0000000100120670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000076b6c269 5 bytes JMP 00000001001206f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000076b6d1f1 5 bytes JMP 0000000100120df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000076b6d349 5 bytes JMP 0000000100120630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000076b6dce4 5 bytes JMP 0000000100120930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b6e743 5 bytes JMP 00000001001200f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076b703b7 5 bytes JMP 00000001001202b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!Escape 0000000076b71bda 5 bytes JMP 0000000100120270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076b71e89 5 bytes JMP 0000000100120cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076b74843 5 bytes JMP 0000000100120b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076b75690 5 bytes JMP 0000000100120b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076b76bde 5 bytes JMP 0000000100120230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000076b7e2db 5 bytes JMP 0000000100120ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076b8940d 5 bytes JMP 0000000100120cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000076b8c621 5 bytes JMP 0000000100120bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000076b8d2b2 5 bytes JMP 0000000100120bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000076b8d919 5 bytes JMP 0000000100120c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076b93adc 5 bytes JMP 0000000100120030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076b93f29 5 bytes JMP 00000001001201f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076b9401a 5 bytes JMP 0000000100120730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076b94c51 5 bytes JMP 00000001001207f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076b953fd 5 bytes JMP 0000000100120830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076b95454 5 bytes JMP 0000000100120af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076b954af 5 bytes JMP 0000000100120070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076b95506 5 bytes JMP 0000000100120a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000076b9573f 5 bytes JMP 00000001001207b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!FillPath 0000000076b957d2 5 bytes JMP 0000000100120870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076b95c44 5 bytes JMP 00000001001204f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076b95cd5 5 bytes JMP 00000001001204b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076b95d87 5 bytes JMP 00000001001208b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000751b8c40 5 bytes JMP 0000000100130570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000751b9ebd 5 bytes JMP 00000001001302b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000751c0afa 5 bytes JMP 00000001001302f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000751c0c62 7 bytes JMP 00000001001305b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetParent 00000000751c0f68 7 bytes JMP 00000001001306f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000751c112d 7 bytes JMP 00000001001306b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000751c12a5 5 bytes JMP 00000001001305f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000751c227d 7 bytes JMP 0000000100130670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000751c3150 7 bytes JMP 0000000100130630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!SetCursor 00000000751c41f6 5 bytes JMP 0000000100130530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000751c68ef 5 bytes JMP 0000000100130270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000751c77fa 5 bytes JMP 0000000100130230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000751c7887 7 bytes JMP 0000000100130730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000751c8676 5 bytes JMP 00000001001300f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000751c8696 5 bytes JMP 0000000100130330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000751c8e8d 5 bytes JMP 00000001001300b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000751c8ecb 5 bytes JMP 0000000100130070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000751cc17b 5 bytes JMP 0000000100130430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000751cc449 5 bytes JMP 00000001001301b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000751cc468 5 bytes JMP 00000001001303f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000751cc486 5 bytes JMP 00000001001301f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000751cc4b6 5 bytes JMP 00000001001304b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000751cd6c0 5 bytes JMP 00000001001304f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000751ce360 5 bytes JMP 0000000100130370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000751f8e57 5 bytes JMP 0000000100130170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000751f9cfd 5 bytes JMP 0000000100130770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000751f9f1d 5 bytes JMP 0000000100130030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075217cb9 5 bytes JMP 0000000100130130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075218111 5 bytes JMP 0000000100130470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007521832f 5 bytes JMP 00000001001303b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000750f9606 5 bytes JMP 00000001001400f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000075100581 5 bytes JMP 0000000100140130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000075100bb9 5 bytes JMP 0000000100140270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000075100c2e 5 bytes JMP 00000001001401b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000075100f2e 5 bytes JMP 0000000100140070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000075101096 5 bytes JMP 00000001001400b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007510124e 5 bytes JMP 00000001001401f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007510129d 5 bytes JMP 0000000100140230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000075101527 5 bytes JMP 0000000100140030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000075101590 5 bytes JMP 0000000100140170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000076910045 5 bytes JMP 0000000100150030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000769136b2 5 bytes JMP 0000000100150070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007693fdcd 5 bytes JMP 00000001001500b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[8844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[7424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Users\francisca\Downloads\HijackThis.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
? C:\Windows\system32\mssprxy.dll [6008] entry point in ".rdata" section 00000000739f71e6
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[7700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe6a4ed0 9 bytes [68, 78, 03, A4, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc265c54 7 bytes [68, 08, 03, A4, 02, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc265c64 9 bytes [68, 40, 03, A4, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[11272] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe5b17a0 9 bytes [68, B0, 03, A4, 02, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 000000007783f548 7 bytes JMP 00000001030408b8
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 000000007784b0ac 7 bytes JMP 00000001030408f0
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\kernel32.dll!CreateThread 00000000772b6580 9 bytes JMP 0000000103040810
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff8475f0 7 bytes [68, 28, 09, 04, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefe641180 10 bytes [68, 08, 0A, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefe641320 7 bytes [68, 98, 09, 04, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefe644450 6 bytes [68, 60, 09, 04, 03, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefe646720 10 bytes [68, D0, 09, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe6a4ed0 9 bytes [68, 78, 03, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc265c54 7 bytes [68, 08, 03, 04, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc265c64 9 bytes [68, 40, 03, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PrintDlgW 000007fefe5b1164 9 bytes [68, A8, 05, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe5b17a0 9 bytes [68, B0, 03, 04, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6764] C:\Windows\system32\comdlg32.dll!PrintDlgA 000007fefe5e0240 6 bytes [68, E0, 05, 04, 03, C3]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[12896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 00000001746346c0
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes [3C, 75]
.text ... * 9
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes [3C, 75]
.text C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\9o8knkni.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes [3C, 75]
---- Threads - GMER 2.0 ----
Thread C:\Windows\System32\svchost.exe [696:10980] 000007feec393efc
Thread C:\Windows\System32\svchost.exe [696:11080] 000007feec4a8a4c
Thread C:\Windows\System32\svchost.exe [2988:12492] 000007fee8da9688
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d434429fa
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 1826
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d434429fa (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
# AdwCleaner v2.111 - Datei am 08/02/2013 um 19:26:50 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : francisca - FRANCISCA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1GZBGQ2\AdwCleaner.exe
# Option [Suche]

**** [Dienste] ****
Gefunden : 24x7HelpSvc
Gefunden : BrowserProtect
Gefunden : DefaultTabSearch
Gefunden : DefaultTabUpdate
Gefunden : IB Updater
Gefunden : IBUpdaterService
Gefunden : WajamUpdater
***** [Dateien / Ordner] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\francisca\AppData\Local\funmoods.crx
Datei Gefunden : C:\Users\francisca\AppData\Local\funmoods-speeddial_sf.crx
Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_prefs.js
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\search-here.xml
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\DefaultTab
Ordner Gefunden : C:\Program Files (x86)\Funmoods
Ordner Gefunden : C:\Program Files (x86)\incredibar.com
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
Ordner Gefunden : C:\Program Files (x86)\Perion
Ordner Gefunden : C:\Program Files (x86)\Playbryte
Ordner Gefunden : C:\Program Files (x86)\PricePeep
Ordner Gefunden : C:\Program Files (x86)\Wajam
Ordner Gefunden : C:\Program Files (x86)\Yontoo
Ordner Gefunden : C:\Program Files\IB Updater
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\FRANCI~1\AppData\Local\Temp\Smartbar
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gefunden : C:\Users\francisca\AppData\Local\Smartbar
Ordner Gefunden : C:\Users\francisca\AppData\Local\Wajam
Ordner Gefunden : C:\Users\francisca\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\francisca\AppData\LocalLow\Playbryte
Ordner Gefunden : C:\Users\francisca\AppData\LocalLow\Smartbar
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\24x7 Help
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\DefaultTab
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Funmoods
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Ordner Gefunden : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\24x7HELP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Default Tab
Schlüssel Gefunden : HKCU\Software\DefaultTab
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\incredibar.com
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\SmartbarBackup
Schlüssel Gefunden : HKCU\Software\SmartbarLog
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKCU\Software\WNLT
Schlüssel Gefunden : HKCU\Software\5e2dedbb76eea49
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\24x7HELP
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\f
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504458}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Default Tab
Schlüssel Gefunden : HKLM\Software\DefaultTab
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\Software\Playbryte
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\5e2dedbb76eea49
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502258}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505558}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48B8-9D63-80849FE137CB}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837
-\\ Mozilla Firefox v18.0.1 (en-US)
Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.selectedEngine", "Web Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTech[...]
Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...]
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [44425 octets] - [08/02/2013 19:26:50]
########## EOF - C:\AdwCleaner[R1].txt - [44486 octets] ##########
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
Did you ever try to give me instructions via e-mail? Because if so, I didn´t receive any of your mails. :confused:
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
No. We don't assist by e-mail. Everything is done on the boards. But you should receive e-mail notification whenever I reply here so you know to come back and do the next tasks.

Now, please run AdwCleaner again but this time select the "delete" option and allow the computer to reboot. Then post the resulting log.

Have you installed Microsoft Security Essentials as your anti-virus program?
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
Yes, I installed the Anti-virus programm. Here´s the log:
# AdwCleaner v2.111 - Datei am 08/02/2013 um 22:29:39 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : francisca - FRANCISCA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\francisca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD2AA1H6\AdwCleaner.exe
# Option [Löschen]

**** [Dienste] ****
Gestoppt & Gelöscht : 24x7HelpSvc
Gestoppt & Gelöscht : BrowserProtect
Gestoppt & Gelöscht : DefaultTabSearch
Gestoppt & Gelöscht : DefaultTabUpdate
Gestoppt & Gelöscht : IB Updater
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : WajamUpdater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\francisca\AppData\Local\funmoods.crx
Datei Gelöscht : C:\Users\francisca\AppData\Local\funmoods-speeddial_sf.crx
Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\search-here.xml
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\Web Search.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DefaultTab
Ordner Gelöscht : C:\Program Files (x86)\Funmoods
Ordner Gelöscht : C:\Program Files (x86)\incredibar.com
Ordner Gelöscht : C:\Program Files (x86)\OApps
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Playbryte
Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\PricePeep
Ordner Gelöscht : C:\Program Files (x86)\VisualBee_V.1
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\FRANCI~1\AppData\Local\Temp\CT3284023
Ordner Gelöscht : C:\Users\FRANCI~1\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\francisca\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\francisca\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\francisca\AppData\LocalLow\Playbryte
Ordner Gelöscht : C:\Users\francisca\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\francisca\AppData\LocalLow\VisualBee_V.1
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\24x7 Help
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\DefaultTab
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\24x7HELP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\elnbpjcckofijioeebipepekepoceodh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar.com
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\5e2dedbb76eea49
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\24x7HELP
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3284023
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\DefaultTab
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Schlüssel Gelöscht : HKLM\Software\Playbryte
Schlüssel Gelöscht : HKLM\Software\VisualBee_V.1
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e2dedbb76eea49
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502258}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elnbpjcckofijioeebipepekepoceodh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED3AFF8A-40E2-4091-84DF-9F8E7E846ADF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8573EB3-CB99-4FF1-B16F-6CEFD935FE52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtB0FyCtBtAzztA0ByCzztN0D0Tzu0CtAyEtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1153498837 --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.1 (en-US)
Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("CT3284023.autoDisableScopes", -1);
Gelöscht : user_pref("CT3284023.UserID", "UN41815829461741225");
Gelöscht : user_pref("ct3284023.UserID", "UN41815829461741225");
Gelöscht : user_pref("CT3284023.installDate", "8/2/2013 19:50:06");
Gelöscht : user_pref("CT3284023.autoDisableScopes", 10);
Gelöscht : user_pref("smartbar.originalHomepage", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTec[...]
Gelöscht : user_pref("CT3284023.smartbar.homepage", "true");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3284023&SearchSource=13&CUI[...]
Gelöscht : user_pref("CT3284023.startPageXPETakeover", "true");
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3284023&SearchSource=13[...]
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&Sea[...]
Gelöscht : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
Gelöscht : user_pref("browser.search.selectedEngine", "VisualBee V.1 Customized Web Search");
Gelöscht : user_pref("CT3284023.browser.search.defaultthis.engineName", "true");
Gelöscht : user_pref("CT3284023.defaultSearchXPETakeover", "true");
Gelöscht : user_pref("smartbar.originalSearchEngine", "Web Search");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snap.do/?publisher=VertiTechnology&d[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3284023&SearchSource=2&CU[...]
Gelöscht : user_pref("CT3284023.keyword", "true");
Gelöscht : user_pref("CT3284023.addressUrlXPETakeover", "true");
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [44418 octets] - [08/02/2013 19:26:50]
AdwCleaner[S1].txt - [50807 octets] - [08/02/2013 22:29:39]
########## EOF - C:\AdwCleaner[S1].txt - [50868 octets] ##########
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
Great. You're doing very well so let's continue.

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
When I try to run ComboFix it first shuts my whole computer down and when it is done and I can copy the log, none of my programs work and I have to shut my whole system down again, before my internet works. What should I do, if I can´t give you the log? :confused:
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
Did ComboFix actually run? If so the log should be at:

C:\combofix.txt
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
The program should be on your desktop but the log file would not be on the desktop. It would be in the root drive C.

Let's do something else instead though.

Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
Here are the logs you asked for: :)

OTL:

OTL logfile created on: 23.02.2013 16:48:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\francisca\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 49,18% Memory free
7,20 Gb Paging File | 4,61 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,62 Gb Total Space | 378,55 Gb Free Space | 84,01% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 13,67 Gb Total Space | 0,39 Gb Free Space | 2,83% Space Free | Partition Type: NTFS

Computer Name: FRANCISCA-THINK | User Name: francisca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.23 16:47:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
PRC - [2013.02.22 16:26:50 | 000,107,520 | ---- | M] () -- C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013.01.25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.01.08 21:26:53 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.12.27 13:39:44 | 000,176,640 | ---- | M] () -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:01:54 | 000,196,456 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2012.12.10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2012.12.10 18:01:54 | 000,082,792 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2012.12.10 18:01:54 | 000,014,696 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2012.11.29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.10.30 11:55:30 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012.10.26 13:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
PRC - [2012.09.19 03:00:48 | 000,383,648 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
PRC - [2012.09.07 14:04:41 | 000,359,424 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
PRC - [2012.07.25 10:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2012.05.22 11:21:28 | 000,222,368 | ---- | M] () -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
PRC - [2012.04.11 16:16:00 | 001,662,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2012.04.11 16:16:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2012.04.10 11:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012.04.10 11:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012.04.10 11:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012.04.10 11:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.04.09 22:41:56 | 002,542,184 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
PRC - [2012.04.09 22:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012.04.04 17:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe
PRC - [2012.03.23 04:49:40 | 001,529,656 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\SimpleTap\SimpleTap.exe
PRC - [2012.03.06 17:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.24 04:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.02.21 12:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.21 12:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.02.21 12:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.21 12:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.01.25 02:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012.01.17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2012.01.04 14:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.29 05:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.12.22 14:37:14 | 000,145,224 | ---- | M] (AuthenTec Inc.) -- C:\Programme\AuthenTec TrueSuite\x86\BioMonitor.exe
PRC - [2011.07.12 02:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.01.06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.03.11 07:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.01.10 05:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.18 23:45:38 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013.02.18 23:11:17 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.02.18 23:09:50 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013.02.18 23:09:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.02.18 23:09:20 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013.02.18 23:09:19 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.02.18 23:08:53 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e290208a6d4ea4451ac118f1e0c3b488\Accessibility.ni.dll
MOD - [2013.02.17 23:55:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.17 23:55:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.17 23:55:37 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.17 23:55:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.02.17 22:26:50 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013.01.15 12:44:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.11 17:18:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 07:15:14 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.11 06:49:26 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.11 06:49:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.11 06:49:02 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.11 06:49:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.11 06:48:57 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.11 06:48:56 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.11 06:48:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.11 06:48:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 06:48:53 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.11 06:48:48 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.10.05 05:53:24 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012.10.05 05:53:23 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012.10.05 05:53:23 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012.10.05 05:53:23 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012.09.07 14:04:41 | 000,359,424 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
MOD - [2012.05.31 20:18:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.05.30 13:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 13:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.12.25 15:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.12.22 14:37:18 | 000,823,112 | ---- | M] () -- C:\Programme\AuthenTec TrueSuite\x86\DataManager.dll
MOD - [2011.10.04 20:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2010.11.20 22:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.20 22:24:25 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.20 22:24:07 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2010.11.20 22:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010.11.12 18:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.02.29 01:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.12.28 15:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 03:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.22 16:26:50 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013.02.06 20:39:59 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.27 13:39:44 | 000,176,640 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe -- (ZDManager Service)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:01:54 | 003,569,512 | ---- | M] (Sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2012.12.10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2012.12.10 18:01:54 | 000,014,696 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.11.23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 13:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.25 10:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2012.05.22 11:21:28 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2012.04.11 16:16:00 | 001,665,088 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.04.11 16:16:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2012.04.10 11:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2012.04.10 11:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2012.04.10 11:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.04.09 22:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.03.06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.06 17:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.27 06:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R)
SRV - [2012.02.25 22:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.25 22:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.25 22:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.25 22:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.02.21 12:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.21 12:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.21 12:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.09 02:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.02 15:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.02 07:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2012.01.17 09:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.01.17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2012.01.09 05:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.29 05:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.12.22 14:36:54 | 000,313,672 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService)
SRV - [2011.11.09 13:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011.07.12 02:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 02:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 02:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.01.06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.09.22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 07:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 07:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.01.10 05:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.11 16:16:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.04.01 23:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 01:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.02.20 05:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.02.16 09:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.02.14 05:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.02.01 15:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.01.31 00:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.09 05:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 05:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.01.04 14:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 14:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 14:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.28 15:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.12.28 15:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.23 07:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.12.20 10:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.12.20 10:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.12.08 16:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 16:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.07 11:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.12.06 06:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.30 04:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.30 04:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.26 21:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011.08.23 07:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.05.13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.05.13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.11.20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.08.02 14:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys -- (X5XSEx_Pr143)
DRV - [2012.01.30 13:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com...b&tb_uuid=20121207214056354&tb_oid=07-12-2012
&tb_mrud=07-12-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{48919D28-4FFA-4D66-A705-6097B2CB0634}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{704C639C-C1B1-483F-9C72-E28C8D1D026D}: "URL" = http://www.mysearchresults.com/search?&c=4204&t=11&q={searchTerms}
IE - HKCU\..\SearchScopes\{A2492ECD-8EA7-4FF4-8B97-C32565F837FE}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B4C4CA69-F79A-4A50-8C24-B95F89839BB0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: uc%40uc.com:1.0
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.4.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 17:00:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla FireFox\extensions\[email protected] [2013.02.06 20:39:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.08 21:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.08 21:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.05.31 11:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013.02.06 20:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.25 17:00:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Unfriend Checker\FF\ [2013.01.18 21:36:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013.02.06 20:39:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins

[2013.01.20 21:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\francisca\AppData\Roaming\mozilla\Extensions
[2013.02.08 22:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\francisca\AppData\Roaming\mozilla\Firefox\Profiles\iwrs8z2w.default\Extensions
[2013.02.04 11:54:25 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\francisca\AppData\Roaming\mozilla\Firefox\Profiles\iwrs8z2w.default\Extensions\[email protected]
[2013.02.04 12:01:06 | 000,002,292 | ---- | M] () -- C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\searchplugins\amazon.xml
[2013.02.06 20:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 20:39:55 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\mozilla firefox\extensions\[email protected]
[2013.01.18 21:36:16 | 000,000,000 | ---D | M] ("Unfriend Checker") -- C:\PROGRAM FILES (X86)\UNFRIEND CHECKER\FF
[2013.02.06 20:39:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://feed.snap.do/?publisher=Vert...5a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snap.do/?publisher=Vert...020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://feed.snap.do/?publisher=Vert...5a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SelectionLinks = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\animabehecgmjjbhlbdepknacikjpico\4.1_0\
CHR - Extension: Unfriend Checker = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiponhbbifajapmbggbgaepiedinifm\1.1_0\
CHR - Extension: YouTube = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: VisualBee V.1 = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh\10.14.251.3_0\
CHR - Extension: Privacy SafeGuard = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: InfoAtoms = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.4.0.0_0\
CHR - Extension: RealDownloader = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Amazing Coupons = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Shopping Sidekick = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.21.51_0\crossrider
CHR - Extension: Shopping Sidekick = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.21.51_0\
CHR - Extension: Website Logon = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\
CHR - Extension: Google Mail = C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.02.10 20:23:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (Unfriend Checker) - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (ZD Manager IE Plugin) - {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll (ZD Systems)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (SelectionLinks) - {491BCA71-06F9-42e1-A72E-76D897607E2B} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll File not found
O2 - BHO: (CouponAmazing) - {A59D1D83-8A40-4FA5-9CC9-749D4D7BD472} - C:\Users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll ()
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PCFixSpeed] C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (Crawler.com)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Users\francisca\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ChicaPasswordManager] C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe (ChicaLogic, Inc.)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541A4C82-EE27-4696-B0AB-468336D8D3F8}: DhcpNameServer = 192.168.17.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.14 03:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.21 14:58:33 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.23 16:47:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
[2013.02.22 16:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013.02.22 16:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013.02.22 16:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013.02.22 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\player
[2013.02.22 16:26:53 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\Optimizer Pro
[2013.02.22 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013.02.22 16:26:47 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\DefaultTab
[2013.02.22 16:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013.02.22 00:14:18 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.22 00:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.02.17 22:21:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.17 22:21:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.17 22:21:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.17 22:21:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.17 22:21:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.17 22:21:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.17 22:21:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.17 22:21:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.17 22:21:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.17 22:21:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.17 22:21:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.17 22:21:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.17 22:21:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.17 22:21:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.17 22:21:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.16 17:44:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.16 17:44:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.16 17:44:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.16 17:44:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.16 17:44:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.16 17:44:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.16 17:35:54 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.16 17:34:09 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.16 17:34:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.16 17:34:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.10 20:23:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.10 17:19:42 | 013,085,120 | ---- | C] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Silverlight_x64.exe
[2013.02.09 17:33:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.09 17:33:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.09 17:33:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.09 17:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.09 17:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.09 17:31:05 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\francisca\Desktop\puppy.exe
[2013.02.09 17:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013.02.09 17:08:00 | 000,000,000 | ---D | C] -- C:\rei
[2013.02.09 17:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.02.09 16:49:26 | 000,000,000 | --SD | C] -- C:\Users\francisca\Documents\Chica Passwords
[2013.02.08 22:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChicaLogic
[2013.02.08 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChicaLogic
[2013.02.08 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\VisualBeeClient
[2013.02.08 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\CRE
[2013.02.08 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\VisualBeeExe
[2013.02.08 19:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013.02.08 19:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.02.08 19:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.02.08 19:32:43 | 013,544,936 | ---- | C] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Antivirus scanner.exe
[2013.02.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
[2013.02.04 22:33:48 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013.02.04 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2013.02.04 22:33:45 | 000,057,824 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2013.02.04 22:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2013.02.04 20:21:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.04 11:54:38 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\Amazon Browser Bar
[2013.02.04 11:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013.02.04 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2013.02.04 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\NanoService
[2013.02.04 11:54:18 | 000,000,000 | ---D | C] -- C:\Users\francisca\AppData\Local\Yahoo!
[2013.01.29 23:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.23 16:47:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\francisca\Desktop\OTL.exe
[2013.02.23 16:46:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 16:46:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 16:43:15 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 16:43:15 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 16:43:15 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 16:43:15 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 16:43:15 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 16:40:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.23 16:40:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 16:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.23 16:06:56 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 16:06:56 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.23 16:05:42 | 2898,370,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 13:07:22 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 16:27:30 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013.02.22 16:26:53 | 000,001,156 | RHS- | M] () -- C:\Users\francisca\ntuser.pol
[2013.02.22 16:26:47 | 000,001,077 | ---- | M] () -- C:\Users\francisca\Desktop\Optimizer Pro.lnk
[2013.02.22 00:14:18 | 000,000,846 | ---- | M] () -- C:\Users\francisca\Desktop\HDVidCodec.lnk
[2013.02.17 23:48:21 | 000,370,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.10 20:23:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.10 17:20:38 | 013,085,120 | ---- | M] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Silverlight_x64.exe
[2013.02.09 17:33:06 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\francisca\Desktop\puppy.exe
[2013.02.09 17:24:04 | 000,000,105 | ---- | M] () -- C:\Users\francisca\AppData\Local\ZDManager.ini
[2013.02.09 17:09:00 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2013.02.08 22:31:30 | 000,000,221 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.08 22:27:27 | 000,001,118 | ---- | M] () -- C:\Users\francisca\Desktop\Flash Player Pro.lnk
[2013.02.08 22:26:43 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.08 19:38:45 | 013,544,936 | ---- | M] (Microsoft Corporation) -- C:\Users\francisca\Desktop\Antivirus scanner.exe
[2013.02.04 22:33:49 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013.02.04 20:38:12 | 451,990,634 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.04 11:56:13 | 629,782,016 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img
[2013.01.29 23:01:41 | 000,002,057 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.22 16:27:30 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013.02.22 16:26:47 | 000,001,077 | ---- | C] () -- C:\Users\francisca\Desktop\Optimizer Pro.lnk
[2013.02.22 00:14:18 | 000,000,846 | ---- | C] () -- C:\Users\francisca\Desktop\HDVidCodec.lnk
[2013.02.09 17:33:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.09 17:33:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.09 17:33:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.09 17:33:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.09 17:33:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.09 17:08:06 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013.02.08 22:31:07 | 000,000,221 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.08 19:37:05 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.02.08 19:37:02 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.02.04 22:33:49 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013.02.04 20:21:28 | 451,990,634 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.24 14:24:57 | 000,000,105 | ---- | C] () -- C:\Users\francisca\AppData\Local\ZDManager.ini
[2012.12.10 13:30:03 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.08 22:01:46 | 000,001,156 | RHS- | C] () -- C:\Users\francisca\ntuser.pol
[2012.10.25 16:57:18 | 000,208,423 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012.10.25 16:57:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2012.07.13 11:59:50 | 000,001,024 | ---- | C] () -- C:\Users\francisca\AppData\Roaming\AbsoluteReminder.xml
[2012.07.13 11:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.05.31 10:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.05.31 10:37:42 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.31 10:37:42 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.31 10:37:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.05.31 10:37:40 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.31 10:37:39 | 013,201,920 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.02 15:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >

Extras:

OTL Extras logfile created on: 11.02.2013 21:09:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\francisca\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 34,92% Memory free
7,20 Gb Paging File | 4,35 Gb Available in Paging File | 60,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,62 Gb Total Space | 384,71 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 13,67 Gb Total Space | 0,39 Gb Free Space | 2,83% Space Free | Partition Type: NTFS

Computer Name: FRANCISCA-THINK | User Name: francisca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03945C20-C615-4C12-A356-8247EAB720FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D5BB194-1B93-482D-B949-B15909617788}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{17932B13-9ACE-4C77-8355-EF389AE38965}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F705EC5-B597-4843-B7F9-1F122B9F5545}" = lport=137 | protocol=17 | dir=in | app=system |
"{21D5C20C-97C3-4D3A-8C6C-FFA0B1785037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22478AC2-E9ED-442B-8BFB-99C57D301DFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{2AF588B9-22D0-4F88-A252-F6705B335998}" = rport=445 | protocol=6 | dir=out | app=system |
"{3794B49C-795B-4747-9AE9-AF2B0B9332BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{38482DF0-BB89-4199-B3C2-113975F66ACC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39179CF7-4E1F-4EC1-81DE-0BE93EF42ACC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39D6C28C-F851-4D28-B66D-8EAA873D1C4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40C857AD-50DB-4A68-A190-8327EFA3A8F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{43849666-3512-47BA-981F-3FC4C4CE4621}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F526F8D-5CEC-44AE-BF2A-3D24BCB10A4F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{58AC8081-E7C6-4C8A-8F86-2FC5DC780F6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97E823BB-F564-4834-AB63-E8C032FC28A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98BF637D-9E9C-485F-8D28-1763761869DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1C76092-85E2-4B8F-890E-E3A064C24E4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B44DAC0A-162A-43B6-A90C-BB0999816557}" = rport=138 | protocol=17 | dir=out | app=system |
"{CB4EE116-011C-494E-BCC9-3BD613D5FBE1}" = lport=139 | protocol=6 | dir=in | app=system |
"{D976218F-6C9C-4621-A0EE-927315256B33}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E44D56ED-7669-4AAE-8234-C26912DF83A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F511076B-0919-49F9-A384-5309DAC638B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB96E991-86BE-4566-AE67-E64B044039E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{FFAD57DA-673B-4B13-B04C-EB52C6D57F6F}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A68A5E1-1E15-4A9B-8439-E0EE7F0233C3}" = protocol=58 | dir=out | [email protected],-28546 |
"{0ADA1501-3398-42B8-AD02-110E4AEC2419}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{11BD71B7-272B-422E-A3C5-F8632016F0F8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{1752D226-3D8D-47D7-94B8-D7C0F7F168E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{17D68E93-4EA3-4A07-89B3-D3599A837816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18A72B25-9B35-4CAE-9136-E085B0564551}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{21CA5AEA-9D40-4176-9F48-A3009273FB28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2D5FC66E-E51B-4DE3-9731-7036565DA2EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E5F3152-459E-4175-9F41-D410CB7F8B15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{31CFB03D-0636-488F-9FF1-685E33FC1981}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39D7A044-934D-4896-A774-FB9E4DC06AAE}" = protocol=1 | dir=in | [email protected],-28543 |
"{3BDB0CF5-0789-40B1-B8EC-9A9EF43619A8}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3D2446B7-C294-42D9-B85B-9F933B94DDD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{3EDD4389-4271-4889-B6A1-46C45B5C5736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{454ABA0E-05BB-4970-A188-B5AF5FD839E2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49C9CEFA-2690-4219-87ED-2940512B150C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{6203A2DB-CF83-4D22-B896-2D1A28B8385A}" = protocol=6 | dir=out | app=system |
"{65D0FB6A-943E-4B48-AA34-C6C5D35B7A66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6DE90227-92FE-491D-B2B9-41E5EE46FEAE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{72CA0DAE-5D96-4AC9-81C0-40E94A8C9386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80BB47A1-6525-48C0-9B0C-90E912CA066D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{872C83AC-2305-4CCD-82A6-F5861613A678}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88380F63-4AF6-4587-9C99-BFC318FB812C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{88DCDFAD-35F7-4151-A3D9-5A63E4205991}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{89829672-BACE-4C83-A8DF-EE6DF66496F1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{916D3069-AC9F-4A89-98B2-B3C5E2753182}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{979233BB-D771-4B25-BB3E-8F3B86D98F6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9870FD69-87C8-4119-9EC3-6BB4BC39D243}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B8A21B4-ADBF-43AF-B8DA-3909D43FF54E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CC75AB9-90B8-4868-BBEB-75A8E8D2B701}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A6DA81CD-F105-4DAE-813C-1CA8D392F170}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADCD1EF8-88AE-47DE-AFCE-58F161D74DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE0FC136-802A-441E-978C-36F52CA16B47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B790FB5C-C82F-4C2E-9362-05E4D0964782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C55F1C78-938D-4B91-A4E6-81018528C440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C891600C-D55A-4D33-8C64-E490A7A10AE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C9690F2D-A05A-466F-AFFB-8C9B4DCA31CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CB055463-0743-43C2-A71F-F40D211D7F60}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CDA6D25E-DA36-4266-8C5C-C7578CD2430B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6297443-4D1C-40FA-83D8-B146E157E75C}" = protocol=1 | dir=out | [email protected],-28544 |
"{D8ECC80D-B22B-4301-934A-454CC812C984}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DA359AAB-58B5-4C8D-81FF-233CDCFA9C24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DAE60680-30C3-4AC9-98FE-BEEDA56553C0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DE607943-675A-4D53-B5C7-10F77859C11E}" = protocol=58 | dir=in | [email protected],-28545 |
"{E1139A92-12D9-4CCC-B7B5-8779FEF0A9E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E72A7317-E945-434B-9B51-557384400B8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EB30C319-11BF-400D-907D-7EBA2E24A6F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBE74416-1CBE-4CA5-BD73-1983EB313A98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F175305D-4D08-476C-9D40-78ABDDF4DA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F89701B3-7A40-4DEA-B77E-920F3B28A596}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FA83E1FF-8453-4B24-B71B-FD6F3A94AD2E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FAB97294-ECC4-490D-9C55-336A338B74D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FD1AC680-04E8-4117-B8D0-457065249A46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FED4C52E-927C-4856-A9F9-4B208040B502}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{7DF0D0DF-8996-4F8D-A8ED-A471773FAF8F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{9CDCA28C-5CEE-4D72-AFBA-DD63B4B10D50}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{09188941-C100-418D-A084-A00E65215F4C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{3A6D3CF9-2BD2-42D8-8C33-627F87FEB84B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{792920BD-8D8D-4868-AE2F-16F4B05D3AE9}" = Lenovo Solution Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF8F4026-E6DC-474C-90D2-BCE9888786F8}" = AuthenTec TrueSuite
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
"76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"Reimage Repair" = Reimage Repair
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73043E19-0155-49C0-ACB4-8138D25007B4}" = Snap.Do
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.16
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.24
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Browser Bar" = Amazon Browser Bar
"AOL Toolbar" = AOL Toolbar
"Chica Password Manager 2.0_is1" = Chica Password Manager 2.0 2.0.0.8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"couponamazing" = couponamazing
"exent_532150" = Heroes of Hellas
"exent_554750" = Cradle of Rome
"exent_586350" = 7 Wonders II
"exent_683150" = Time Riddles: The Mansion
"Fastboot" = RapidBoot HDD Accelerator
"Flash Player Pro_is1" = Flash Player Pro V5.4
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InfoAtoms" = InfoAtoms
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 16.0" = RealPlayer
"Sendori" = Sendori
"Shopping Sidekick" = Shopping Sidekick
"sl-adk" = SelectionLinks
"SMPlayer" = SMPlayer 0.6.9
"SugarSync" = SugarSync Manager
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"[email protected]" = Unfriend Checker
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! NanoClient" = Yahoo! Axis
"Yahoo! Software Update" = Yahoo! Software Update
"ZDManager" = ZD Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{cf0efec8-c035-4b57-9080-ba9758291d99}" = Snap.Do Engine
"AOL Toolbar" = AOL Toolbar
"Mozilla Firefox Packages" = Mozilla Firefox Packages
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.01.2013 08:07:09 | Computer Name = francisca-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 11.01.2013 08:14:22 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 18:15:31 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 18:17:15 | Computer Name = francisca-THINK | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17e4 Startzeit: 01cdf0493e725361 Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 11.01.2013 18:27:24 | Computer Name = francisca-THINK | Source = MsiInstaller | ID = 1002
Description =

Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11528

Error - 11.01.2013 18:52:51 | Computer Name = francisca-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11528

Error - 12.01.2013 13:08:12 | Computer Name = francisca-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 13:22:08 | Computer Name = francisca-THINK | Source = MsiInstaller | ID = 1002
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 23.09.2012 16:45:33 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
-> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
gefunden.

Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 18:08:26 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 20:48:22 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

Error - 10.02.2013 21:41:53 | Computer Name = francisca-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der Vorgang wurde erfolgreich beendet -> Exception message:
Der Vorgang wurde erfolgreich beendet

[ System Events ]
Error - 17.12.2012 19:00:32 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LENOVO.CAMMUTE erreicht.

Error - 18.12.2012 20:57:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LENOVO.CAMMUTE erreicht.

Error - 18.12.2012 20:57:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AeLookupSvc erreicht.

Error - 19.12.2012 23:50:21 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LENOVO.CAMMUTE erreicht.

Error - 21.12.2012 19:09:36 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth Media Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 23.12.2012 17:25:59 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth Media Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 23.12.2012 19:20:54 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 23.12.2012 19:21:09 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 23.12.2012 19:22:09 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 08.01.2013 21:46:03 | Computer Name = francisca-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LENOVO.CAMMUTE erreicht.


< End of report >
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 

sweety_pie

Thread Starter
Joined
Feb 3, 2013
Messages
20
Here´s the JRT log: :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x64
Ran by francisca on 24.02.2013 at 13:54:32,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\pcfixspeed
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088704973-2131027104-1757421381-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088704973-2131027104-1757421381-1000\software\microsoft\internet explorer\searchurl\\Default
Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
BTMTrayAgent REG_SZ rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp


~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{103089da-0f31-4a8b-843f-7d24a7fe8345}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{103089da-0f31-4a8b-843f-7d24a7fe8345}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{1036ad63-aeac-460b-9060-c96005d4dc86}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\wow6432node\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\francisca\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\aol toolbar"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\couponamazing"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\strongvault"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\francisca\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Registry Value] hkey_local_machine\software\wow6432node\mozilla\firefox\extensions\\[email protected]
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\prefs.js
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
Emptied folder: C:\Users\francisca\AppData\Roaming\mozilla\firefox\profiles\iwrs8z2w.default\minidumps [5 files]

~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\francisca\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2013 at 13:57:58,51
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top