Channel: Tech Support Guy - Virus & Other Malware Removal

I found Malware

Hi, I am very happy to have found this site. Two days ago Malwarebytes found some malware (36 to be exact). I used the software to fix it, rebooted and re-scanned, and the same malware was still there. I did a search and found Ad-Aware, used this software and found 1016 new malware-trojans etc. I used that software to remove the threats and rebooted. The next day, using Ad-Aware, more malware was found, and I decided to look for help elsewhere and found this site. Hope you can help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:21 AM, on 8/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Steve\Desktop\Baby Pictures\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15341 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Steve at 10:54:01 on 2013-08-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5486 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4AAB0D68-2B52-4402-85D2-0167D9CA476B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6DF1C101-173D-447E-BCFE-85F7C95CEA74} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6DF1C101-173D-447E-BCFE-85F7C95CEA74}\24967644F676D27657563747 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{6DF1C101-173D-447E-BCFE-85F7C95CEA74}\34963736F66493039313 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{6DF1C101-173D-447E-BCFE-85F7C95CEA74}\55E636C6563747566756 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\llk4etit.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN41873303892646827&UM=2&SearchSource=3& q={searchTerms}
FF - prefs.js: browser.startup.homepage -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 2cab6669000000000000222682315fa8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15928
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.023:04:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4971
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-11 14456]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-21 45856]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-21 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-1 192512]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-4-23 38656]
R3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-4-23 1631488]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-4-23 1634176]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-20 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-8 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-28 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-6 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-11 07:29:50 -------- d-----w- C:\Users\Steve\AppData\Roaming\LavasoftStatistics
2013-08-11 07:29:46 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-08-11 07:24:37 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-11 07:23:45 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-08-11 07:23:41 -------- d-----w- C:\ProgramData\blekko toolbars
2013-08-11 07:23:40 -------- d-----w- C:\Users\Steve\AppData\Local\adawarebp
2013-08-11 07:23:40 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-08-11 07:23:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-08-11 07:23:25 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-08-11 07:22:03 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-08-11 07:22:02 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-08-11 07:21:55 -------- d-----w- C:\Users\Steve\AppData\Roaming\Ad-Aware Antivirus
2013-08-11 04:10:30 -------- d-----w- C:\Users\Steve\AppData\Local\Conduit
2013-08-11 04:10:09 -------- d-----w- C:\Users\Steve\AppData\Local\CRE
2013-08-11 04:10:09 -------- d-----w- C:\Program Files (x86)\Conduit
2013-08-11 04:04:17 -------- d-----w- C:\Users\Steve\AppData\Roaming\DSite
2013-08-11 03:52:09 -------- d-----w- C:\ProgramData\CheckPoint
2013-07-31 20:00:22 -------- d-----w- C:\Users\Steve\.MCReferenceSdk
2013-07-31 19:59:23 -------- d-----w- C:\ProgramData\Geevs
2013-07-31 19:57:24 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2013-07-31 19:57:24 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2013-07-31 19:57:22 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2013-07-31 19:57:22 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2013-07-31 19:57:20 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2013-07-31 19:57:20 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2013-07-31 19:57:16 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2013-07-31 19:57:16 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-07-31 19:56:44 -------- d-----w- C:\Program Files\Lightworks
2013-07-28 10:59:02 -------- d-----w- C:\Users\Steve\AppData\Roaming\GetRight
2013-07-20 06:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 06:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 06:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 06:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 08:04:29 -------- d-----w- C:\Windows\System32\MRT
2013-07-13 08:08:59 2241024 ----a-w- C:\Windows\System32\wininet.dll
.
==================== Find3M ====================
.
2013-07-29 14:31:12 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-10 06:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-01 06:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-13 02:48:23 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-13 02:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-13 02:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 19:04:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 19:04:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 10:54:36.12 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2009 9:14:36 PM
System Uptime: 8/11/2013 10:30:52 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Eureka3
Processor: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 396.17 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.185 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 1397 GiB total, 484.525 GiB free.
L: is FIXED (NTFS) - 149 GiB total, 75.748 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP821: 8/4/2013 3:31:53 AM - Scheduled Checkpoint
RP822: 8/11/2013 7:56:19 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activate Norton Online Backup
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader X (10.1.7)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Adobe Update Manager CS3
Anti-Twin (Installation 12/26/2012)
Any Video Converter 3.2.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Applian FLV and Media Player 3.1.1.12
ATI Catalyst Install Manager
Avery Wizard 3.1
AVG 2013
AVG PC Tuneup 2011
Babylon toolbar on IE
Belkin Setup and Router Monitor
Bing Bar
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DVD Flick 1.3.0.7
Ezvid
FileZilla Client 3.6.0.2
Final Media Player 2010
FLV Player
FoxTab Video Converter
Free Convert All Movie Video Converter Gold 5.8
Free DVD Ripper Version 2.25
FVD Converter 1.0.2
Google Chrome
Google Drive
Google Earth
Google Earth Plug-in
Google Update Helper
Hauppauge English Help Files and Resources
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
Hauppauge Signal Monitor Utility
Hauppauge WinTV
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
iCloud
InstallIQ Updater
Internet TV for Windows Media Center
InterVideo FilterSDK for Hauppauge
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 32
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
LabelPrint
LightScribe System Software
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft GIF Animator
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 20.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
Pazera Free FLV to AVI Converter 1.5
Photo Common
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
PowerRecover
Prism Video File Converter
Quick Zip 4.60.019
Quick Zip 5.1
QuickTime
Realtek High Definition Audio Driver
RealUpgrade 1.0
Recuva
Replay Media Catcher
Replay Video Capture
Replay Video Capture 6
Riva FLV Encoder 2.0
Seagate*DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
The Logo Creator v5.2
TUGZip 3.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.18
Video Edit Master
VideoPad Video Editor
VidSplitter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VSDC Free Video Editor version 1.2.1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
WinHTTrack Website Copier 3.43-7
WinPcap 4.1.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/7/2013 4:42:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/7/2013 4:42:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2013 8:53:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
8/5/2013 11:54:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff88004d6ad21, 0xfffff8800b9e8940, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080513-45349-01.
8/11/2013 10:31:32 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
8/10/2013 11:17:44 PM, Error: Service Control Manager [7031] - The WebCakeUpdater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-11 11:05:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-65M2B0 rev.01.00A01 931.51GB
Running: 9kt54usf.exe; Driver: C:\Users\Steve\AppData\Local\Temp\fxldiuow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e03000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002e03042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076ee3f3c 5 bytes JMP 00000001002f2150
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\kernel32.dll!GetTempFileNameW 0000000076f0d1a6 5 bytes JMP 00000001002f18e0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076fe4406 6 bytes JMP 719d0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceNextW 0000000076fe4cbc 6 bytes JMP 71a90f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceEnd 0000000076fe5239 6 bytes JMP 71a60f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000076fe575a 6 bytes JMP 71af0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!recv 0000000076fe6b0e 6 bytes JMP 71a00f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!send 0000000076fe6f01 6 bytes JMP 71a30f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076fe7089 6 bytes JMP 719a0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076fe7489 6 bytes JMP 71970f5a
? C:\Windows\system32\mssprxy.dll [5952] entry point in ".rdata" section 0000000074dd71e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xaed628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xaed668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xaed5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xaed528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xaed728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xaed768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xaed6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xaed6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xaed468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xaed4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xaed428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xaed5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xaed568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xaed4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076ee3f3c 5 bytes JMP 0000000110002150
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\kernel32.dll!GetTempFileNameW 0000000076f0d1a6 5 bytes JMP 00000001100018e0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076fe4406 6 bytes JMP 719d0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceNextW 0000000076fe4cbc 6 bytes JMP 71a90f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceEnd 0000000076fe5239 6 bytes JMP 71a60f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000076fe575a 6 bytes JMP 71af0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!recv 0000000076fe6b0e 6 bytes JMP 71a00f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!send 0000000076fe6f01 6 bytes JMP 71a30f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076fe7089 6 bytes JMP 719a0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6140] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076fe7489 6 bytes JMP 71970f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0x402e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0x402e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0x402da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0x402d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0x402f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0x402f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0x402ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0x402ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0x402c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0x402ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0x402c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0x402de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0x402d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0x402ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0x26be28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0x26be68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0x26bda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0x26bd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0x26bf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0x26bf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0x26bee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0x26bea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0x26bc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0x26bca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0x26bc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0x26bde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0x26bd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0x26bce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xfc5228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xfc5268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xfc51a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xfc5128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xfc5328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xfc5368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xfc52e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xfc52a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xfc5068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xfc50a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xfc5028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xfc51e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xfc5168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xfc50e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xf2a228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xf2a268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xf2a1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xf2a128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xf2a328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xf2a368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xf2a2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xf2a2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xf2a068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xf2a0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xf2a028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xf2a1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xf2a168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xf2a0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0x344228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0x344268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0x3441a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0x344128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0x344328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0x344368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0x3442e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0x3442a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0x344068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0x3440a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0x344028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0x3441e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0x344168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0x3440e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xac4a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xac4a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xac49a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xac4928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xac4b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xac4b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xac4ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xac4aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xac4868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xac48a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xac4828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xac49e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xac4968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xac48e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xfd8228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xfd8268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xfd81a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xfd8128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xfd8328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xfd8368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xfd82e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xfd82a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xfd8068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xfd80a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xfd8028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xfd81e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xfd8168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xfd80e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076ee3f3c 5 bytes JMP 0000000110002150
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\kernel32.dll!GetTempFileNameW 0000000076f0d1a6 5 bytes JMP 00000001100018e0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076fe4406 6 bytes JMP 719d0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceNextW 0000000076fe4cbc 6 bytes JMP 71a90f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceEnd 0000000076fe5239 6 bytes JMP 71a60f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000076fe575a 6 bytes JMP 71af0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!recv 0000000076fe6b0e 6 bytes JMP 71a00f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!send 0000000076fe6f01 6 bytes JMP 71a30f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076fe7089 6 bytes JMP 719a0f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4116] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076fe7489 6 bytes JMP 71970f5a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0x817228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0x817268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0x8171a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0x817128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0x817328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0x817368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0x8172e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0x8172a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0x817068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0x8170a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0x817028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0x8171e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0x817168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0x8170e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0xb00e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0xb00e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0xb00da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0xb00d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0xb00f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0xb00f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0xb00ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0xb00ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0xb00c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0xb00ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0xb00c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0xb00de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0xb00d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0xb00ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007776f991 7 bytes {MOV EDX, 0x42ce28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007776fbd5 7 bytes {MOV EDX, 0x42ce68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007776fc05 7 bytes {MOV EDX, 0x42cda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007776fc1d 7 bytes {MOV EDX, 0x42cd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007776fc35 7 bytes {MOV EDX, 0x42cf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007776fc65 7 bytes {MOV EDX, 0x42cf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007776fce5 7 bytes {MOV EDX, 0x42cee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007776fcfd 7 bytes {MOV EDX, 0x42cea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007776fd49 7 bytes {MOV EDX, 0x42cc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007776fe41 7 bytes {MOV EDX, 0x42cca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077770099 7 bytes {MOV EDX, 0x42cc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777710a5 7 bytes {MOV EDX, 0x42cde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007777111d 7 bytes {MOV EDX, 0x42cd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077771321 7 bytes {MOV EDX, 0x42cce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000752d1465 2 bytes [2D, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752d14bb 2 bytes [2D, 75]
.text ... * 2

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
