Hey, recently, I've discovered that I may have contracted a virus. My AV won't run, along with other misc. applications such as Origin and Windows desktop gadgets. All help is appreciated - Rkill and Malwarebytes were also run smoothly, but had no effect on these issues.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:01:36 PM, on 29/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
CHROME: 27.0.1453.94
FIREFOX: 19.0 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alex C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Kuma_Tray.lnk = C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17296 bytes
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/10/2011 10:04:23 AM
System Uptime: 29/05/2013 6:48:32 PM (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | QX310/QX410/QX510/SF310/SF410/SF510
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 81.457 GiB free.
D: is FIXED (NTFS) - 346 GiB total, 345.697 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP197: 26/05/2013 3:41:30 PM - Scheduled Checkpoint
RP198: 29/05/2013 1:12:19 AM - Installed AVG 2013
RP199: 29/05/2013 1:13:39 AM - Installed AVG 2013
RP200: 29/05/2013 1:24:49 AM - Removed AVG 2012
RP201: 29/05/2013 1:28:03 AM - Removed AVG 2013
RP202: 29/05/2013 1:37:07 AM - Windows Update
RP203: 29/05/2013 7:36:53 AM - Installed AVG 2013
RP204: 29/05/2013 7:37:23 AM - Installed AVG 2013
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?? Messenger
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
64 Bit HP CIO Components Installer
AC3Filter 1.63b
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Akamai NetSession Interface
Messenger pagalbine priemone
Any Video Converter 3.3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
µTorrent
Audacity 1.3.14 (Unicode)
AVG 2013
Windows Live Essentials
Windows Live Mail
Windows Live Mesh ActiveX nuotoliniu ryiu valdiklis
Windows Live Messenger
Windows Live fotogalerija
BatteryLifeExtender
Battlefield Heroes (Alex C)
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blender
Bonjour
Broadcom 802.11 Network Adapter
Build-a-lot
Cave Frenzy!
ChargeableUSB
Chuzzle Deluxe
Cisco Connect
Comic Life
Complemento Messenger
Complément Messenger
Contextual Tool Extrafind
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Coupon Printer for Windows
CutePDF Writer 2.8
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink WaveEditor
CyberLink YouCam
D3DX10
DC Universe Online Live
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DivX Setup
DJ_AIO_05_F4400_Software_Min
Doplnok programu Messenger
Driver Detective
Driver Manager
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X64 8.0.7.1_WHQL
Facebook Messenger 2.1.4814.0
Farm Frenzy
Fast Start
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
FrostWire 5.2.9
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
gamelauncher-ps2-live
GamersFirst LIVE!
GameSpy Arcade
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotspot Shield 2.76
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Deskjet F4400 Printer Driver 14.0 Rel. 5
HP Photo Creations
HP Update
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 3 (64-bit)
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
LAME v3.98.3 for Audacity
LogMeIn Hamachi
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Marvell Miniport Driver
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2010
Microsoft Rise Of Nations
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Movie Color Enhancer
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MultimediaPOP
Nexon Game Manager
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Updatus
Opera 12.00
Origin
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Pando Media Booster
Peggle
Penguins!
Photo Story 3 for Windows
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pomocnik Messenger
Pota Windows Live
PunkBuster Services
QuickTime
Raccolta foto di Windows Live
Rainmeter
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.9
Rise of Nations Script Maker
Rise of Nations Thrones and Patriots
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Kies
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype 5.10
SmartSound Quicktracks 5
Spremljevalec Messenger
SRS Premium Sound Control Panel
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
swMSM
Toolbox
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 11.0 (64-bit)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.6
War Inc Battlezone version 1.0.0
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent Games App (HP Games)
WildTangent ORB Game Console
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pota
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (64-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
29/05/2013 6:49:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
29/05/2013 6:49:17 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The system cannot find the file specified.
29/05/2013 1:23:00 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753630.
27/05/2013 8:29:02 PM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
26/05/2013 10:52:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
25/05/2013 12:12:03 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Alex C at 19:53:11 on 2013-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3882.1342 [GMT -4:00]
.
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\Desktop\save\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-killer.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe
C:\windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Page_URL = hxxp://samsung.msn.com
uURLSearchHooks: {167d9323-f7cc-48f5-948a-6f012831a69f} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [Akamai NetSession Interface] "C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Alex C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\ALEXC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
StartupFolder: C:\Users\ALEXC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 207.238.87.34 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F} : DHCPNameServer = 207.238.87.34 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\05968756C60283 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\238364F6275637475627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\34963736F64323633373 : DHCPNameServer = 207.200.7.21 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\84140505950264143454 : DHCPNameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\9525443524D274 : DHCPNameServer = 172.18.0.42 172.18.0.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex C\AppData\Roaming\Mozilla\Firefox\Profiles\thjoqr1e.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Alex C\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Alex C\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alex C\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2010-10-19 24680]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\windows\System32\drivers\hssdrv6.sys [2012-11-1 42248]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-10-19 13824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-10-20 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-10-20 39464]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-10-19 118664]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-10-19 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-19 289280]
R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-5-29 36680]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2012-11-1 40712]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2010-8-30 394016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-10-20 48488]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-1-10 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== Created Last 30 ================
.
2013-05-29 21:23:22 -------- d-----w- C:\Users\Alex C\AppData\Roaming\Malwarebytes
2013-05-29 21:23:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-29 21:22:57 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-05-29 21:22:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-29 21:21:18 -------- d-----w- C:\Users\Alex C\AppData\Local\Programs
2013-05-29 11:46:01 -------- d-----w- C:\Users\Alex C\AppData\Roaming\AVG2013
2013-05-29 11:37:42 -------- d--h--w- C:\$AVG
2013-05-29 05:13:18 -------- d-----w- C:\ProgramData\AVG2013
2013-05-29 05:09:50 -------- d-----w- C:\Users\Alex C\AppData\Local\MFAData
2013-05-29 05:09:50 -------- d-----w- C:\Users\Alex C\AppData\Local\Avg2013
2013-05-29 04:47:19 -------- d-----w- C:\Users\Alex C\AppData\Roaming\QuickScan
2013-05-29 04:11:45 -------- d-----w- C:\Users\Alex C\AppData\Roaming\TuneUp Software
2013-05-27 01:10:00 -------- d-----w- C:\ProgramData\Electronic Arts
2013-05-27 01:09:47 -------- d-----w- C:\Program Files (x86)\Origin
2013-05-26 23:42:02 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2013-05-26 23:33:56 -------- d-----w- C:\ProgramData\Cisco Systems
2013-05-26 21:44:17 -------- d-----w- C:\Users\Alex C\AppData\Roaming\Origin
2013-05-26 21:37:56 -------- d-----w- C:\windows\pss
2013-05-26 20:48:12 -------- d-----w- C:\ProgramData\Origin
2013-05-26 20:46:27 -------- d-----w- C:\Users\Alex C\AppData\Local\{9DE2BF8B-C8D7-4F73-8D2B-93F48B85842B}
2013-05-16 19:31:09 -------- d-----w- C:\Users\Alex C\AppData\Local\{C1FDEB6C-D89E-41EE-8A01-B5B0141AA11F}
2013-05-16 07:15:15 -------- d-----w- C:\Users\Alex C\AppData\Local\{8EFBEC95-484A-4A1F-8520-C0DAE0607F97}
2013-05-15 23:46:29 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-15 23:46:29 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-15 23:46:29 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-15 23:46:20 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-15 23:46:18 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-15 23:46:18 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-15 23:46:17 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-15 23:45:52 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-15 23:45:52 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-05-15 23:45:52 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-15 19:14:49 -------- d-----w- C:\Users\Alex C\AppData\Local\{209BCFDF-BBC1-442C-B88F-CB11A0C6AA06}
2013-05-11 16:45:55 -------- d-----w- C:\Users\Alex C\AppData\Local\{41A6F364-0675-41DC-A6BF-2AF4B7E84A76}
.
==================== Find3M ====================
.
2013-05-15 21:03:51 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 21:03:51 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-23 03:05:40 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 03:05:40 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-23 03:05:40 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-29 01:18:57 77312 ----a-w- C:\windows\System32\tdc.ocx
2013-03-25 07:13:13 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2013-03-25 07:13:12 175616 ----a-w- C:\windows\System32\msclmd.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2012-10-05 01:37:21 395991 ----a-w- C:\Program Files (x86)\Uninstall Blacklight Retribution.exe
2012-09-16 16:34:18 3500042907 ----a-w- C:\Program Files (x86)\MSSetupv117.exe
2012-04-25 01:04:50 8548792 ----a-w- C:\Program Files (x86)\Blacklight Retribution.exe
2012-01-04 19:00:36 2821011948 ----a-w- C:\Program Files (x86)\MSSetupv104.exe
2011-10-20 20:19:34 2611185578 ----a-w- C:\Program Files (x86)\MSSetupv101.exe
.
============= FINISH: 19:59:33.16 ===============

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-29 20:35:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596.17GB
Running: k6rjbftn.exe; Driver: C:\Users\ALEXC~1\AppData\Local\Temp\pglorpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800035ed000 8 bytes [00, 00, 11, 00, 4D, 6D, 43, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff800035ed010 29 bytes [00, 6D, C9, 07, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\windows\SysWOW64\svchost.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\windows\SysWOW64\svchost.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073911a22 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073911ad0 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073911b08 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073911bba 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073911bda 2 bytes [91, 73]
.text C:\windows\system32\taskeng.exe[3040] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\windows\system32\taskeng.exe[3040] C:\windows\system32\d3d10.dll!D3D10CreateDevice 00000000023aafcc 9 bytes JMP 00000001022500d8
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\psapi.dll!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\psapi.dll!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\Elantech\ETDCtrl.exe[4316] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\psapi.dll!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\psapi.dll!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4204] C:\windows\system32\d3d10.dll!D3D10CreateDevice 000000000244afcc 9 bytes JMP 00000001023f00d8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5196] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5196] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\windows\SysWOW64\RunDll32.exe[5352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\windows\SysWOW64\RunDll32.exe[5352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\PSAPI.DLL!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d10.dll!D3D10CreateDevice 000000000295afcc 9 bytes JMP 00000001028000d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
? C:\windows\system32\mssprxy.dll [2624] entry point in ".rdata" section 00000000751f71e6
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x1061e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x1061e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x1061da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x1061d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x1061f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x1061f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x1061ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x1061ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x1061c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x1061ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x1061c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x1061de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x1061d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x1061ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x48ee28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x48ee68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x48eda8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x48ed28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x48ef28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x48ef68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x48eee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x48eea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x48ec68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x48eca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x48ec28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x48ede8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x48ed68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x48ece8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x520228; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x520268; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x5201a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x520128; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x520328; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x520368; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x5202e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x5202a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x520068; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x5200a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x520028; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x5201e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x520168; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x5200e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xc97e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xc97e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xc97da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xc97d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xc97f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xc97f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xc97ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xc97ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xc97c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xc97ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xc97c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xc97de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xc97d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xc97ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xa56e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xa56e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xa56da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xa56d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xa56f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xa56f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xa56ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xa56ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xa56c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xa56ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xa56c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xa56de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xa56d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xa56ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x42ca28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x42ca68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x42c9a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x42c928; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x42cb28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x42cb68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x42cae8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x42caa8; JMP RDX}
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4444:1044] 000007fefaf72a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4444:5424] 000007fef049d618
---- Processes - GMER 2.1 ----
Library Ì÷Û*PH (*** suspicious ***) @ C:\windows\Explorer.EXE [3148] 000007fef3600000
Library C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll (*** suspicious ***) @ C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe [2624] 00000000714e0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de562d2b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de562d2b (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:01:36 PM, on 29/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
CHROME: 27.0.1453.94
FIREFOX: 19.0 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alex C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2954132182-3363387201-177372180-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Kuma_Tray.lnk = C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17296 bytes
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/10/2011 10:04:23 AM
System Uptime: 29/05/2013 6:48:32 PM (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | QX310/QX410/QX510/SF310/SF410/SF510
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 81.457 GiB free.
D: is FIXED (NTFS) - 346 GiB total, 345.697 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP197: 26/05/2013 3:41:30 PM - Scheduled Checkpoint
RP198: 29/05/2013 1:12:19 AM - Installed AVG 2013
RP199: 29/05/2013 1:13:39 AM - Installed AVG 2013
RP200: 29/05/2013 1:24:49 AM - Removed AVG 2012
RP201: 29/05/2013 1:28:03 AM - Removed AVG 2013
RP202: 29/05/2013 1:37:07 AM - Windows Update
RP203: 29/05/2013 7:36:53 AM - Installed AVG 2013
RP204: 29/05/2013 7:37:23 AM - Installed AVG 2013
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?? Messenger
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
64 Bit HP CIO Components Installer
AC3Filter 1.63b
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Akamai NetSession Interface
Messenger pagalbine priemone
Any Video Converter 3.3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
µTorrent
Audacity 1.3.14 (Unicode)
AVG 2013
Windows Live Essentials
Windows Live Mail
Windows Live Mesh ActiveX nuotoliniu ryiu valdiklis
Windows Live Messenger
Windows Live fotogalerija
BatteryLifeExtender
Battlefield Heroes (Alex C)
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blender
Bonjour
Broadcom 802.11 Network Adapter
Build-a-lot
Cave Frenzy!
ChargeableUSB
Chuzzle Deluxe
Cisco Connect
Comic Life
Complemento Messenger
Complément Messenger
Contextual Tool Extrafind
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Coupon Printer for Windows
CutePDF Writer 2.8
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink WaveEditor
CyberLink YouCam
D3DX10
DC Universe Online Live
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DivX Setup
DJ_AIO_05_F4400_Software_Min
Doplnok programu Messenger
Driver Detective
Driver Manager
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X64 8.0.7.1_WHQL
Facebook Messenger 2.1.4814.0
Farm Frenzy
Fast Start
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
FrostWire 5.2.9
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
gamelauncher-ps2-live
GamersFirst LIVE!
GameSpy Arcade
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotspot Shield 2.76
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Deskjet F4400 Printer Driver 14.0 Rel. 5
HP Photo Creations
HP Update
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 3 (64-bit)
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
LAME v3.98.3 for Audacity
LogMeIn Hamachi
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Marvell Miniport Driver
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2010
Microsoft Rise Of Nations
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Movie Color Enhancer
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MultimediaPOP
Nexon Game Manager
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Updatus
Opera 12.00
Origin
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Pando Media Booster
Peggle
Penguins!
Photo Story 3 for Windows
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pomocnik Messenger
Pota Windows Live
PunkBuster Services
QuickTime
Raccolta foto di Windows Live
Rainmeter
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.9
Rise of Nations Script Maker
Rise of Nations Thrones and Patriots
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Kies
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype 5.10
SmartSound Quicktracks 5
Spremljevalec Messenger
SRS Premium Sound Control Panel
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
swMSM
Toolbox
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 11.0 (64-bit)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.6
War Inc Battlezone version 1.0.0
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent Games App (HP Games)
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pota
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (64-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
29/05/2013 6:49:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
29/05/2013 6:49:17 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The system cannot find the file specified.
29/05/2013 1:23:00 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753630.
27/05/2013 8:29:02 PM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
26/05/2013 10:52:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
25/05/2013 12:12:03 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Alex C at 19:53:11 on 2013-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3882.1342 [GMT -4:00]
.
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\Desktop\save\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-killer.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe
C:\windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Page_URL = hxxp://samsung.msn.com
uURLSearchHooks: {167d9323-f7cc-48f5-948a-6f012831a69f} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [Akamai NetSession Interface] "C:\Users\Alex C\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Alex C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\ALEXC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe
StartupFolder: C:\Users\ALEXC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 207.238.87.34 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F} : DHCPNameServer = 207.238.87.34 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\05968756C60283 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\238364F6275637475627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\34963736F64323633373 : DHCPNameServer = 207.200.7.21 208.77.2.11 64.71.255.204
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\84140505950264143454 : DHCPNameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{BE658B16-37FD-4A11-B00E-372AB9BF190F}\9525443524D274 : DHCPNameServer = 172.18.0.42 172.18.0.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex C\AppData\Roaming\Mozilla\Firefox\Profiles\thjoqr1e.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Alex C\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Alex C\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alex C\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2010-10-19 24680]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\windows\System32\drivers\hssdrv6.sys [2012-11-1 42248]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-10-19 13824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-10-20 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-10-20 39464]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-10-19 118664]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-10-19 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-19 289280]
R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-5-29 36680]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2012-11-1 40712]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2010-8-30 394016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-10-20 48488]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-1-10 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== Created Last 30 ================
.
2013-05-29 21:23:22 -------- d-----w- C:\Users\Alex C\AppData\Roaming\Malwarebytes
2013-05-29 21:23:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-29 21:22:57 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-05-29 21:22:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-29 21:21:18 -------- d-----w- C:\Users\Alex C\AppData\Local\Programs
2013-05-29 11:46:01 -------- d-----w- C:\Users\Alex C\AppData\Roaming\AVG2013
2013-05-29 11:37:42 -------- d--h--w- C:\$AVG
2013-05-29 05:13:18 -------- d-----w- C:\ProgramData\AVG2013
2013-05-29 05:09:50 -------- d-----w- C:\Users\Alex C\AppData\Local\MFAData
2013-05-29 05:09:50 -------- d-----w- C:\Users\Alex C\AppData\Local\Avg2013
2013-05-29 04:47:19 -------- d-----w- C:\Users\Alex C\AppData\Roaming\QuickScan
2013-05-29 04:11:45 -------- d-----w- C:\Users\Alex C\AppData\Roaming\TuneUp Software
2013-05-27 01:10:00 -------- d-----w- C:\ProgramData\Electronic Arts
2013-05-27 01:09:47 -------- d-----w- C:\Program Files (x86)\Origin
2013-05-26 23:42:02 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2013-05-26 23:33:56 -------- d-----w- C:\ProgramData\Cisco Systems
2013-05-26 21:44:17 -------- d-----w- C:\Users\Alex C\AppData\Roaming\Origin
2013-05-26 21:37:56 -------- d-----w- C:\windows\pss
2013-05-26 20:48:12 -------- d-----w- C:\ProgramData\Origin
2013-05-26 20:46:27 -------- d-----w- C:\Users\Alex C\AppData\Local\{9DE2BF8B-C8D7-4F73-8D2B-93F48B85842B}
2013-05-16 19:31:09 -------- d-----w- C:\Users\Alex C\AppData\Local\{C1FDEB6C-D89E-41EE-8A01-B5B0141AA11F}
2013-05-16 07:15:15 -------- d-----w- C:\Users\Alex C\AppData\Local\{8EFBEC95-484A-4A1F-8520-C0DAE0607F97}
2013-05-15 23:46:29 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-15 23:46:29 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-15 23:46:29 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-15 23:46:20 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-15 23:46:18 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-15 23:46:18 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-15 23:46:17 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-15 23:45:52 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-15 23:45:52 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-05-15 23:45:52 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-15 19:14:49 -------- d-----w- C:\Users\Alex C\AppData\Local\{209BCFDF-BBC1-442C-B88F-CB11A0C6AA06}
2013-05-11 16:45:55 -------- d-----w- C:\Users\Alex C\AppData\Local\{41A6F364-0675-41DC-A6BF-2AF4B7E84A76}
.
==================== Find3M ====================
.
2013-05-15 21:03:51 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 21:03:51 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-23 03:05:40 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 03:05:40 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-23 03:05:40 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-29 01:18:57 77312 ----a-w- C:\windows\System32\tdc.ocx
2013-03-25 07:13:13 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2013-03-25 07:13:12 175616 ----a-w- C:\windows\System32\msclmd.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2012-10-05 01:37:21 395991 ----a-w- C:\Program Files (x86)\Uninstall Blacklight Retribution.exe
2012-09-16 16:34:18 3500042907 ----a-w- C:\Program Files (x86)\MSSetupv117.exe
2012-04-25 01:04:50 8548792 ----a-w- C:\Program Files (x86)\Blacklight Retribution.exe
2012-01-04 19:00:36 2821011948 ----a-w- C:\Program Files (x86)\MSSetupv104.exe
2011-10-20 20:19:34 2611185578 ----a-w- C:\Program Files (x86)\MSSetupv101.exe
.
============= FINISH: 19:59:33.16 ===============
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-29 20:35:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596.17GB
Running: k6rjbftn.exe; Driver: C:\Users\ALEXC~1\AppData\Local\Temp\pglorpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800035ed000 8 bytes [00, 00, 11, 00, 4D, 6D, 43, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff800035ed010 29 bytes [00, 6D, C9, 07, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\windows\SysWOW64\svchost.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\windows\SysWOW64\svchost.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073911a22 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073911ad0 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073911b08 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073911bba 2 bytes [91, 73]
.text C:\windows\SysWOW64\PnkBstrA.exe[2508] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073911bda 2 bytes [91, 73]
.text C:\windows\system32\taskeng.exe[3040] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\windows\system32\taskeng.exe[3040] C:\windows\system32\d3d10.dll!D3D10CreateDevice 00000000023aafcc 9 bytes JMP 00000001022500d8
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\psapi.dll!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\windows\system32\taskeng.exe[3408] C:\windows\system32\psapi.dll!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4308] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\Elantech\ETDCtrl.exe[4316] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\psapi.dll!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\psapi.dll!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4432] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\History Channel Games\kgsystray\Kuma_tray.exe[4488] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\windows\system32\igfxext.exe[4636] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4204] C:\windows\system32\d3d10.dll!D3D10CreateDevice 000000000244afcc 9 bytes JMP 00000001023f00d8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5132] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5196] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5196] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5204] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5212] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\windows\SysWOW64\RunDll32.exe[5352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\windows\SysWOW64\RunDll32.exe[5352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\PSAPI.DLL!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d10.dll!D3D10CreateDevice 000000000295afcc 9 bytes JMP 00000001028000d8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5772] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5172] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5972] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
? C:\windows\system32\mssprxy.dll [2624] entry point in ".rdata" section 00000000751f71e6
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x1061e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x1061e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x1061da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x1061d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x1061f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x1061f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x1061ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x1061ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x1061c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x1061ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x1061c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x1061de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x1061d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x1061ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5468] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x48ee28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x48ee68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x48eda8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x48ed28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x48ef28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x48ef68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x48eee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x48eea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x48ec68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x48eca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x48ec28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x48ede8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x48ed68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x48ece8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4584] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x520228; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x520268; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x5201a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x520128; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x520328; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x520368; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x5202e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x5202a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x520068; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x5200a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x520028; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x5201e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x520168; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x5200e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6204] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xc97e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xc97e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xc97da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xc97d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xc97f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xc97f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xc97ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xc97ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xc97c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xc97ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xc97c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xc97de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xc97d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xc97ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6436] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xa56e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xa56e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xa56da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xa56d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xa56f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xa56f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xa56ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xa56ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xa56c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xa56ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xa56c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xa56de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xa56d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xa56ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6476] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x42ca28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x42ca68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x42c9a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x42c928; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x42cb28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x42cb68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x42cae8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x42caa8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x42c868; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x42c8a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x42c828; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x42c9e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x42c968; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x42c8e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6512] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xad5e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xad5e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xad5da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xad5d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xad5f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xad5f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xad5ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xad5ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xad5c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xad5ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xad5c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xad5de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xad5d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xad5ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6892] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\psapi.dll!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\psapi.dll!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\d3d10.dll!D3D10CreateDevice 00000000023eafcc 9 bytes JMP 00000001022900d8
.text C:\windows\system32\wuauclt.exe[2584] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0xa6b628; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0xa6b668; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0xa6b5a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0xa6b528; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0xa6b728; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0xa6b768; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0xa6b6e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0xa6b6a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0xa6b468; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0xa6b4a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0xa6b428; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0xa6b5e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0xa6b568; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0xa6b4e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[4420] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\Desktop\save\firefox.exe[3636] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x581228; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x581268; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x5811a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x581128; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x581328; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x581368; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x5812e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x5812a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x581068; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x5810a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x581028; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x5811e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x581168; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x5810e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[6848] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x3bd228; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x3bd268; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x3bd1a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x3bd128; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x3bd328; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x3bd368; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x3bd2e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x3bd2a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x3bd068; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x3bd0a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x3bd028; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x3bd1e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x3bd168; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x3bd0e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[3136] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x209a28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x209a68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x2099a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x209928; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x209b28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x209b68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x209ae8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x209aa8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x209868; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x2098a8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x209828; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x2099e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x209968; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x2098e8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[5460] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89e0 8 bytes JMP 000007fff3ab0148
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fff3ab0110
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\PSAPI.DLL!GetModuleFileNameExW + 8 0000000077a51018 6 bytes JMP 000000016fff0110
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\PSAPI.DLL!GetModuleBaseNameW + 8 0000000077a511cc 6 bytes JMP 000000016fff00d8
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\d3d9.dll!Direct3DCreate9 000007fef3af96b0 6 bytes JMP 000007fff3ab00d8
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\dxgi.dll!DXGID3D10CreateDevice 000007fef620c638 5 bytes JMP 000007fff61e0148
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef620dc88 5 bytes JMP 000007fff61e00d8
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef620de10 5 bytes JMP 000007fff61e0110
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\d3d10.dll!D3D10CreateDevice 00000000022dafcc 9 bytes JMP 00000001022800d8
.text C:\Users\ALEXC~1\AppData\Local\Temp\{71A355C8-DFCB-4779-9357-CF7AAD10BAF1}\Setup.exe[4848] C:\windows\system32\d3d11.dll!D3D11CreateDevice 000007fef5b6fe88 7 bytes JMP 000007fef61e0180
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a7f991 7 bytes {MOV EDX, 0x734e28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a7fbd5 7 bytes {MOV EDX, 0x734e68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a7fc05 7 bytes {MOV EDX, 0x734da8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a7fc1d 7 bytes {MOV EDX, 0x734d28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a7fc35 7 bytes {MOV EDX, 0x734f28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a7fc65 7 bytes {MOV EDX, 0x734f68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a7fce5 7 bytes {MOV EDX, 0x734ee8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a7fcfd 7 bytes {MOV EDX, 0x734ea8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a7fd49 7 bytes {MOV EDX, 0x734c68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a7fe41 7 bytes {MOV EDX, 0x734ca8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a80099 7 bytes {MOV EDX, 0x734c28; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a810a5 7 bytes {MOV EDX, 0x734de8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a8111d 7 bytes {MOV EDX, 0x734d68; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a81321 7 bytes {MOV EDX, 0x734ce8; JMP RDX}
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe[700] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d9e9a2 5 bytes JMP 0000000174f319c0
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d9ebdc 5 bytes JMP 0000000174f31a40
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW 00000000770d13f0 5 bytes JMP 0000000174f31cb0
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text C:\Users\Alex C\Downloads\k6rjbftn.exe[1092] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW 00000000770d152c 5 bytes JMP 0000000174f31d00
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4444:1044] 000007fefaf72a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4444:5424] 000007fef049d618
---- Processes - GMER 2.1 ----
Library Ì÷Û*PH (*** suspicious ***) @ C:\windows\Explorer.EXE [3148] 000007fef3600000
Library C:\Program Files (x86)\Microsoft Security Client\MpOAv.dll (*** suspicious ***) @ C:\Users\Alex C\AppData\Local\Google\Chrome\Application\chrome.exe [2624] 00000000714e0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de562d2b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de562d2b (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----