Channel: Tech Support Guy

Selecting links after Google searching redirecting me to random ad sites

Hi. When searching in Google and then selecting a link result, I am getting random pages rather than the links I'm clicking on. I've tried removal of malware but that doesn't seem to be working and I'm still plagued with the issue. I am using Chrome predominately and that's where I observed the behavior.

Looking forward to getting rid of this!

Thanks in advance for your help,

Pghgirl



Logs from instructions are below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:06:44 PM, on 7/14/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [{64131784-E866-475D-8355-3B805A82189F}] rundll32 ",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: MaxMerger - Max Secure Software - C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12136 bytes


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/26/2011 8:41:59 PM
System Uptime: 7/14/2013 4:12:52 PM (3 hours ago)
.
Motherboard: Gateway | | DX4860
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 799.552 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP175: 7/5/2013 5:52:53 PM - Removed AVG 2013
RP176: 7/5/2013 5:55:31 PM - Removed AVG 2013
RP177: 7/6/2013 3:32:53 PM - Windows Update
RP178: 7/12/2013 3:00:29 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.1 MUI
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet
Audacity 2.0.3
AVG SafeGuard toolbar
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Best Buy pc app
Best Buy pc app - 1
Bing Bar
Bonjour
Content Transfer
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CyberLink PowerDVD 10
D3DX10
Galerie de photos Windows Live
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
HitmanPro 3.7
Hotkey Utility
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 35
JNLP
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Max Spyware Detector
Media Go
Media Go Video Playback Engine 1.84.108.07010
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.1116
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NWZ-S540 WALKMAN Guide
Open Yahtzee
OpenOffice.org 3.3
Pazera Free MP4 to AVI Converter 1.6
PlayStation(R)Network Downloader
PlayStation(R)Store
Quicken 2009
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wpaiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wpaiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 x64 Redistributables
Visual Studio C++ 10.0 Runtime
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/14/2013 4:16:13 PM, Error: Service Control Manager [7003] - The Intel(R) Management and Security Application User Notification Service service depends the following service: LMS. This service might not be installed.
7/14/2013 4:15:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/14/2013 4:15:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/14/2013 4:13:11 PM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
7/14/2013 3:34:34 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by home at 19:07:27 on 2013-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.3790 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Program Files\Max Spyware Detector\MaxDBServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [{64131784-E866-475D-8355-3B805A82189F}] rundll32 ",DllRegisterServer
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{094AD559-4E78-4E6D-9B5E-F7EF410BECFF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E69D75FF-BF6B-487F-A13F-1BD5ED50F158} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SDActiveMonitor] "C:\Program Files\Max Spyware Detector\MaxSDTray.exe" -AUTO
x64-Run: [SDAutoScan] <no file>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MaxMgr;MaxMgr;C:\Windows\System32\drivers\MaxMgr.sys [2013-6-15 84448]
R0 MaxProc64;MaxProc64;C:\Windows\System32\drivers\MaxProc64.sys [2013-6-15 79840]
R0 MaxProtector64;MaxProtector64;C:\Windows\System32\drivers\MaxProtector64.sys [2013-6-15 91616]
R0 SDActMon;SDActMon;C:\Windows\System32\drivers\SDActMon.sys [2013-6-15 144864]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-21 45856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-5-20 27760]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-20 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-20 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-5-20 465360]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-5-20 98848]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-29 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-3-29 244624]
R2 MaxMerger;MaxMerger;C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe [2013-6-15 305120]
R2 MaxWatchDogService;MaxWatchDogService;C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [2013-6-15 835552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-11 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-7-14 32000]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-29 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-11 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-3-29 1014624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-25 428136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-6-15 109352]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-25 2656280]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-14 20:13:04 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-07-13 07:04:44 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E14BAC4-E5C6-48B5-9050-2545C0748334}\offreg.dll
2013-07-12 14:31:20 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E14BAC4-E5C6-48B5-9050-2545C0748334}\mpengine.dll
2013-07-11 09:21:04 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 09:21:04 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 09:21:04 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 09:21:04 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 09:21:04 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 09:21:04 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 09:21:04 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 09:21:04 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 09:21:04 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 09:21:04 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 09:21:04 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 09:20:58 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 09:20:57 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 09:20:57 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 09:20:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 09:20:57 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 09:20:57 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 09:20:51 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 09:20:51 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-05 21:55:26 -------- d-----w- C:\Users\home\AppData\Local\Avg2013
2013-06-28 13:30:17 -------- d-----w- C:\Users\home\AppData\Local\{CDDD6D8E-881F-4F37-956B-D8847D120C41}
2013-06-21 15:30:17 -------- d-----w- C:\Users\home\AppData\Local\AVG SafeGuard toolbar
2013-06-21 15:30:03 -------- d-----w- C:\Users\home\AppData\Roaming\TuneUp Software
2013-06-21 15:30:02 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-06-21 15:29:56 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-21 15:29:53 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-06-21 15:29:51 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-21 15:24:47 -------- d-----w- C:\Users\home\AppData\Local\MFAData
2013-06-21 15:24:47 -------- d-----w- C:\ProgramData\MFAData
2013-06-15 21:42:48 -------- d-----w- C:\Program Files\Max Spyware Detector
2013-06-15 21:42:48 -------- d-----w- C:\Program Files (x86)\Max Spyware Detector
2013-06-15 21:38:24 -------- d-----w- C:\ProgramData\Max Secure
2013-06-15 21:38:19 91616 ----a-w- C:\Windows\System32\drivers\MaxProtector64.sys
2013-06-15 21:38:19 84448 ----a-w- C:\Windows\System32\drivers\MaxMgr.sys
2013-06-15 21:38:19 79840 ----a-w- C:\Windows\System32\drivers\MaxProc64.sys
2013-06-15 21:38:19 144864 ----a-w- C:\Windows\System32\drivers\SDActMon.sys
2013-06-15 21:33:12 -------- d-----w- C:\Users\home\AppData\Local\Max Secure Software
2013-06-15 21:32:33 -------- d-----w- C:\Users\home\AppData\Roaming\GetRightToGo
2013-06-15 21:09:19 -------- d-----w- C:\Program Files\HitmanPro
2013-06-15 21:08:58 -------- d-----w- C:\ProgramData\HitmanPro
2013-06-15 14:50:55 0 ----a-w- C:\Users\home\jucheck.exe
2013-06-15 14:50:55 0 ----a-w- C:\Users\home\acrobatreader.exe
2013-06-15 13:00:41 -------- d-----w- C:\Users\home\AppData\Roaming\wabEventSupport16
.
==================== Find3M ====================
.
2013-06-14 04:25:46 0 ----a-w- C:\Users\home\teamviewer.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH: 19:07:43.44 ===============

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-14 19:13:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.77.0 931.51GB
Running: z3ssfh2r.exe; Driver: C:\Users\home\AppData\Local\Temp\kgldipow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[3208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4524] entry point in ".rdata" section 00000000737e71e6
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007746f991 7 bytes {MOV EDX, 0x43fa28; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007746fbd5 7 bytes {MOV EDX, 0x43fa68; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007746fc05 7 bytes {MOV EDX, 0x43f9a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007746fc1d 7 bytes {MOV EDX, 0x43f928; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007746fc35 7 bytes {MOV EDX, 0x43fb28; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007746fc65 7 bytes {MOV EDX, 0x43fb68; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007746fce5 7 bytes {MOV EDX, 0x43fae8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007746fcfd 7 bytes {MOV EDX, 0x43faa8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007746fd49 7 bytes {MOV EDX, 0x43f868; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007746fe41 7 bytes {MOV EDX, 0x43f8a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077470099 7 bytes {MOV EDX, 0x43f828; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774710a5 7 bytes {MOV EDX, 0x43f9e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007747111d 7 bytes {MOV EDX, 0x43f968; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077471321 7 bytes {MOV EDX, 0x43f8e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007746f991 7 bytes {MOV EDX, 0xd08228; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007746fbd5 7 bytes {MOV EDX, 0xd08268; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007746fc05 7 bytes {MOV EDX, 0xd081a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007746fc1d 7 bytes {MOV EDX, 0xd08128; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007746fc35 7 bytes {MOV EDX, 0xd08328; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007746fc65 7 bytes {MOV EDX, 0xd08368; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007746fce5 7 bytes {MOV EDX, 0xd082e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007746fcfd 7 bytes {MOV EDX, 0xd082a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007746fd49 7 bytes {MOV EDX, 0xd08068; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007746fe41 7 bytes {MOV EDX, 0xd080a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077470099 7 bytes {MOV EDX, 0xd08028; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774710a5 7 bytes {MOV EDX, 0xd081e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007747111d 7 bytes {MOV EDX, 0xd08168; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077471321 7 bytes {MOV EDX, 0xd080e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007746f991 7 bytes {MOV EDX, 0xe19228; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007746fbd5 7 bytes {MOV EDX, 0xe19268; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007746fc05 7 bytes {MOV EDX, 0xe191a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007746fc1d 7 bytes {MOV EDX, 0xe19128; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007746fc35 7 bytes {MOV EDX, 0xe19328; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007746fc65 7 bytes {MOV EDX, 0xe19368; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007746fce5 7 bytes {MOV EDX, 0xe192e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007746fcfd 7 bytes {MOV EDX, 0xe192a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007746fd49 7 bytes {MOV EDX, 0xe19068; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007746fe41 7 bytes {MOV EDX, 0xe190a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077470099 7 bytes {MOV EDX, 0xe19028; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774710a5 7 bytes {MOV EDX, 0xe191e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007747111d 7 bytes {MOV EDX, 0xe19168; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077471321 7 bytes {MOV EDX, 0xe190e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007746f991 7 bytes {MOV EDX, 0x591628; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007746fbd5 7 bytes {MOV EDX, 0x591668; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007746fc05 7 bytes {MOV EDX, 0x5915a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007746fc1d 7 bytes {MOV EDX, 0x591528; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007746fc35 7 bytes {MOV EDX, 0x591728; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007746fc65 7 bytes {MOV EDX, 0x591768; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007746fce5 7 bytes {MOV EDX, 0x5916e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007746fcfd 7 bytes {MOV EDX, 0x5916a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007746fd49 7 bytes {MOV EDX, 0x591468; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007746fe41 7 bytes {MOV EDX, 0x5914a8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077470099 7 bytes {MOV EDX, 0x591428; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774710a5 7 bytes {MOV EDX, 0x5915e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007747111d 7 bytes {MOV EDX, 0x591568; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077471321 7 bytes {MOV EDX, 0x5914e8; JMP RDX}
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ad1465 2 bytes [AD, 76]
.text C:\Users\home\AppData\Local\Google\Chrome\Application\chrome.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ad14bb 2 bytes [AD, 76]
.text ... * 2

---- EOF - GMER 2.1 ----
