Channel: Tech Support Guy

Help ?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-450 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 7672 Mb
Graphics Card: AMD Radeon HD 6300 series Graphics, 512 Mb
Hard Drives: C: Total - 456838 MB, Free - 321843 MB;
Motherboard: Acer, Aspire X1430
Antivirus: AVG AntiVirus Free Edition 2013, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:09:25 AM, on 8/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12619 bytes
____________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/6/2013 12:17:42 PM
System Uptime: 8/13/2013 3:28:59 AM (2 hours ago)
.
Motherboard: Acer | | Aspire X1430
Processor: AMD E-450 APU with Radeon(tm) HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 314.517 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 8/12/2013 6:46:25 PM - Removed Vimicro USB2.0 UVC PC Camera
.
==== Installed Programs ======================
.
Leawo DVD Creator version 5.2.0.0
Leawo DVD Ripper version 5.1.0.0
Leawo Video Converter version 5.3.0.0
1-abc.net File Encrypter (Remove only)
3D PageFlip Standard
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
AVG 2013
Bonjour
Boxoft Screen Video Capture 1.6
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix Online Launcher
clear.fi
clear.fi Client
D3DX10
Data Wipe
Dropbox
DVD Copy DVD Clone DVD Burn DVD Backup 1.03
Epubor Ultimate version 1.50.5.4
Evernote v. 4.6.7
FileStream Take-1 Recorder
Free YouTube Download version 3.2.8.717
Galerie de photos Windows Live
GIMP 2.8.4
Google Chrome
Google Drive
Google Earth
Google Update Helper
GoToMeeting 5.5.0.1132
Hotkey Utility
iCloud
Identity Card
Internet Explorer Toolbar 4.8 by SweetPacks
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.4.0 (Basic)
Kiwix 0.9 rc2
Lexmark 1200 Series
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time Lib Setup
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
ooVoo
Oovoo Toolbar
Opera 12.16
Opera Stable 15.0.1147.153
PDFZilla V3.0.1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shredder
Sigil 0.7.2
SIW 2011 Home Edition
Skitch
Skype™ 6.6
SnagIt 7
Stamina 2.5
swMSM
The KMPlayer (remove only)
TheSage
TreeSheets
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Video Booth
Visual Studio 2010 x64 Redistributables
WikidPad 2.1_01
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
yWriter5
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 12:58:23 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/9/2013 1:09:01 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2013 1:07:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
8/9/2013 1:07:34 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
8/9/2013 1:05:44 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
8/13/2013 3:29:45 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
8/12/2013 6:50:58 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/12/2013 6:50:55 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
8/12/2013 5:44:22 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Michael at 5:11:44 on 2013-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7672.4627 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Wallpaper Changer] C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F75EB447-7B5D-4D9E-BA6A-E9176F408CF1} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-17 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-17 37504]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-6 39768]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-9-9 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-9-9 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-9-9 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-14 204288]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-7-26 168400]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-9-9 244624]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-14 231440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-6 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-9 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-9 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-7 1255736]
S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-6 968880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-08-13 00:05:44 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-08-13 00:05:44 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-08-13 00:05:35 -------- d-----w- C:\ProgramData\APN
2013-08-13 00:05:30 -------- d-----w- C:\Program Files (x86)\ooVoo
2013-08-11 10:09:42 -------- d-----w- C:\Users\Michael\AppData\Local\Skitch
2013-08-09 08:09:08 0 ----a-w- C:\Windows\SysWow64\WUDFHost.exe
2013-08-09 08:09:08 0 ----a-w- C:\Windows\SysWow64\taskhost.exe
2013-08-09 08:09:08 0 ----a-w- C:\Windows\SysWow64\dwm.exe
2013-08-09 08:09:08 0 ----a-w- C:\Windows\SysWow64\conhost.exe
2013-08-09 08:08:59 0 ----a-w- C:\Windows\SysWow64\spoolsv.exe
2013-08-09 08:08:59 0 ----a-w- C:\Windows\SysWow64\atieclxx.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\lsm.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-08-09 08:08:02 0 ----a-w- C:\Windows\SysWow64\atiesrxx.exe
2013-08-08 18:42:44 -------- d-----w- C:\Users\Michael\AppData\Local\Citrix
2013-08-08 16:11:36 -------- d-----w- C:\Program Files (x86)\Stamina
2013-08-08 16:09:38 -------- d-----w- C:\Users\Michael\AppData\Roaming\RapidTyping
2013-08-08 16:09:38 -------- d-----w- C:\ProgramData\RapidTyping
2013-08-05 04:34:24 -------- d-----w- C:\Windows\System32\MRT
2013-08-04 17:11:35 -------- d-----w- C:\Users\Michael\AppData\Roaming\Acapela Group
2013-08-03 09:45:50 -------- d-----w- C:\Users\Michael\AppData\Roaming\VideoBooth
2013-08-03 09:45:36 -------- d-----w- C:\Program Files (x86)\VideoBooth
2013-07-31 15:13:45 -------- d-----w- C:\Users\Michael\AppData\Local\{E18BDA4F-F25D-4637-B67F-AB6324F9C275}
2013-07-31 15:13:45 -------- d-----w- C:\Users\Michael\AppData\Local\{ACB28400-FFC9-471A-A5B4-6B375FDFD720}
2013-07-29 02:36:10 -------- d-----w- C:\Users\Michael\AppData\Roaming\Opera Software
2013-07-29 02:36:10 -------- d-----w- C:\Users\Michael\AppData\Local\Opera Software
2013-07-27 01:29:18 -------- d-----w- C:\Users\Michael\AppData\Local\Scrivener
2013-07-22 23:59:34 -------- d-----w- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
2013-07-22 23:59:09 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-07-22 23:59:06 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2013-07-22 23:58:13 -------- d-----w- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2013-07-22 10:26:49 -------- d-----w- C:\Users\Michael\AppData\Roaming\TypingMaster7
2013-07-21 08:15:42 -------- d-----w- C:\Users\Michael\AppData\Roaming\calibre
2013-07-21 00:10:33 -------- d-----w- C:\ProgramData\StarApp
2013-07-21 00:09:18 -------- d-----w- C:\ProgramData\InstallMate
2013-07-20 00:00:54 -------- d-----w- C:\Users\Michael\AppData\Roaming\Spacejock Software
2013-07-19 23:56:13 -------- d-----w- C:\Users\Michael\AppData\Roaming\LibreOffice
2013-07-19 22:46:07 -------- d-----w- C:\Users\Michael\AppData\Local\sigil-ebook
2013-07-19 22:34:46 -------- d-----w- C:\Users\Michael\AppData\Roaming\TheSage
2013-07-19 22:34:33 -------- d-----w- C:\Program Files (x86)\TheSage
2013-07-19 22:34:07 -------- d-----w- C:\Program Files (x86)\Sigil
2013-07-19 22:33:42 -------- d-----w- C:\Users\Michael\AppData\Roaming\TreeSheetsdbs
2013-07-19 22:33:41 -------- d-----w- C:\Program Files (x86)\TreeSheets
2013-07-19 22:32:33 -------- d-----w- C:\Users\Michael\AppData\Roaming\www.kiwix.org
2013-07-19 22:32:33 -------- d-----w- C:\Users\Michael\AppData\Local\www.kiwix.org
2013-07-19 22:32:19 -------- d-----w- C:\Program Files (x86)\Kiwix
2013-07-19 22:31:05 -------- d-----w- C:\Users\Michael\AppData\Roaming\WikidPad
2013-07-19 22:30:54 -------- d-----w- C:\Program Files (x86)\WikidPad
2013-07-19 22:30:18 -------- d-----w- C:\Program Files (x86)\yWriter5
2013-07-19 07:53:18 -------- d-----w- C:\Users\Michael\AppData\Roaming\YCanPDF
2013-07-19 07:53:18 -------- d-----w- C:\tmp
2013-07-18 23:13:05 -------- d-----w- C:\Program Files (x86)\Evernote
2013-07-14 15:00:14 703 ----a-w- C:\Users\Michael\AppData\Roaming\pdfsound.dll
2013-07-14 15:00:13 -------- d-----w- C:\Program Files (x86)\PDFZilla
.
==================== Find3M ====================
.
2013-07-09 21:54:26 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-06-13 02:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 02:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-13 02:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 06:52:01 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-06-07 06:52:01 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-07 06:52:00 226304 ----a-w- C:\Windows\System32\elshyph.dll
2013-06-07 06:52:00 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 17:16:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-01 17:16:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 5:12:12.32 ===============

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-13 05:41:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005a WDC_WD50 rev.17.0 465.76GB
Running: c4twg1sg.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kxliifow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fa5000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002fa502f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3540] entry point in ".rdata" section 00000000702c71e6
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x1a0228; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x1a0268; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x1a01a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x1a0128; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x1a0328; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x1a0368; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x1a02e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x1a02a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x1a0068; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x1a00a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x1a0028; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x1a01e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x1a0168; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x1a00e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xb2228; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xb2268; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xb21a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xb2128; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xb2328; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xb2368; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xb22e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xb22a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xb2068; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xb20a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xb2028; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xb21e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xb2168; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xb20e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x512628; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x512668; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x5125a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x512528; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x512728; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x512768; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x5126e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x5126a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x512468; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x5124a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x512428; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x5125e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x512568; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x5124e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x6d1a28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x6d1a68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x6d19a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x6d1928; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x6d1b28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x6d1b68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x6d1ae8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x6d1aa8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x6d1868; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x6d18a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x6d1828; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x6d19e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x6d1968; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x6d18e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x923e28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x923e68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x923da8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x923d28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x923f28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x923f68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x923ee8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x923ea8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x923c68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x923ca8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x923c28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x923de8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x923d68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x923ce8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xad0a28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xad0a68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xad09a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xad0928; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xad0b28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xad0b68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xad0ae8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xad0aa8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xad0868; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xad08a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xad0828; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xad09e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xad0968; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xad08e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xf31628; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xf31668; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xf315a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xf31528; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xf31728; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xf31768; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xf316e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xf316a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xf31468; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xf314a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xf31428; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xf315e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xf31568; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xf314e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x443628; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x443668; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x4435a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x443528; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x443728; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x443768; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x4436e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x4436a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x443468; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x4434a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x443428; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x4435e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x443568; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x4434e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x666228; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x666268; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x6661a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x666128; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x666328; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x666368; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x6662e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x6662a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x666068; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x6660a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x666028; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x6661e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x666168; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x6660e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xbb6228; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xbb6268; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xbb61a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xbb6128; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xbb6328; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xbb6368; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xbb62e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xbb62a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xbb6068; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xbb60a8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xbb6028; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xbb61e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xbb6168; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xbb60e8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xf7de28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xf7de68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xf7dda8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xf7dd28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xf7df28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xf7df68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xf7dee8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xf7dea8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xf7dc68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xf7dca8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xf7dc28; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xf7dde8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xf7dd68; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xf7dce8; JMP RDX}
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
.text C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3172:4444] 000007fefa592a7c

---- EOF - GMER 2.1 ----
