
PUP malware detected


STIG_DH
Member with 58 posts.
THREAD STARTER
Join Date: Jan 2013
25-Jan-2013, 03:10 PM #1
Hi
PC performance took a real downturn recently. I undertook a Malwarebytes full scan and found PUP.MyWebsearch:

HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully.

I deleted it as the above indicates, then checked online about this and found that it is very difficult to remove (Malwarebytes is the only tool that detects it, but it won't remove it). It now takes forever to load browsers (Firefox won't even load unless I close down and reboot), and the PC performance is worse.

Many thanks in advance for your help in restoring life back to my PC!

HJT, DDS and Attach logfiles posted below.
ark.txt to follow


HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:14, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\Downloads\HijackThis.exe

dds log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by David at 18:09:39 on 2013-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.595 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.club-vaio.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Hobbyist Software On-Off Helper] "c:\program files\hobbyist software\off-helper\Off-Helper Configuration.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\david\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5} : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-16 11:18; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-18 217032]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-2 361032]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-25 26984]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-29 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-2 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-2 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-20 44808]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-8 299008]
R2 Off-Helper;Off-Helper;c:\program files\hobbyist software\off-helper\Off-Helper Service.exe [2011-3-13 6656]
R2 PURE Flow Server;PURE Flow Server;c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-10-4 17408]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-12-18 841472]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-18 43904]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-10-29 21520]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-18 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-18 812544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-9 12400]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-18 30192]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-16 155320]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-28 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2013-01-25 15:46:40 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\offreg.dll
2013-01-25 15:41:52 -------- d-----w- c:\users\david\appdata\local\WinZip
2013-01-25 15:38:38 -------- d-----w- c:\users\david\appdata\local\AVG Secure Search
2013-01-25 15:38:32 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-25 15:38:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-25 15:38:13 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-01-25 15:38:12 -------- d-----w- c:\program files\AVG Secure Search
2013-01-25 09:23:40 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\mpengine.dll
2013-01-24 11:09:17 -------- d-----w- c:\users\david\appdata\local\Programs
2013-01-20 13:42:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 11:18:56 -------- d-----w- c:\users\david\appdata\roaming\RealNetworks
2013-01-16 11:18:04 -------- d-----w- c:\program files\RealNetworks
2013-01-16 11:17:59 -------- d-----w- c:\programdata\RealNetworks
2013-01-16 11:17:48 -------- d-----w- c:\program files\common files\xing shared
2013-01-09 12:39:41 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 12:39:37 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 12:39:35 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 12:39:08 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 12:37:43 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-09 12:36:32 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 12:36:28 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-04 18:26:13 -------- d-----w- c:\users\david\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2013-01-20 13:47:29 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:47:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:47:14 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-16 11:17:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-16 11:17:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-23 22:13:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-20 19:15:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-20 19:15:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-01-16 17:22:16 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2012-01-16 17:22:12 421736 ----a-w- c:\program files\iTunesHelper.exe
2012-01-16 17:22:12 403304 ----a-w- c:\program files\iTunesAdmin.dll
2012-01-16 17:22:12 156520 ----a-w- c:\program files\iTunesHelper.dll
2012-01-16 17:22:12 124776 ----a-w- c:\program files\iTunesMiniPlayer.dll
2012-01-16 17:22:08 9777000 ----a-w- c:\program files\iTunes.exe
2012-01-16 17:22:04 20868968 ----a-w- c:\program files\iTunes.dll
2012-01-16 17:22:02 803200 ----a-w- c:\program files\gnsdk_sdkmanager.dll
2012-01-16 17:22:02 3035520 ----a-w- c:\program files\gnsdk_dsp.dll
2012-01-16 17:22:02 287104 ----a-w- c:\program files\gnsdk_submit.dll
2012-01-16 17:22:02 246144 ----a-w- c:\program files\gnsdk_musicid.dll
2012-01-16 17:22:02 2010984 ----a-w- c:\program files\iPodUpdaterExt.dll
2011-11-14 20:16:44 112488 ----a-w- c:\program files\ITDetector.ocx
.
============= FINISH: 18:11:43.86 ===============

attach log

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27/01/2012 20:54:30
System Uptime: 25/01/2013 13:46:36 (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 306.685 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 08/01/2013 09:15:47 - Windows Update
RP153: 09/01/2013 22:08:07 - Windows Update
RP154: 15/01/2013 14:45:41 - Windows Update
RP155: 20/01/2013 13:39:27 - Installed Java 7 Update 11
RP156: 21/01/2013 19:44:09 - Installed Media Go Video Playback Engine 1.96.112.08260
RP157: 22/01/2013 12:35:10 - Windows Update
RP158: 25/01/2013 15:38:55 - Installed WinZip 17.0
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
.NET Utilities
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Age of Empires III
ALDI Print Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppMon Utility
ArcSoft Magic-i Visual Effects
Atlantis - Sky Patrol (remove only)
avast! Free Antivirus
AVG Security Toolbar
Big Fish Games Center
Big Fish Games Sudoku (remove only)
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.15
calibre
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer Driver Add-On Module
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon My Printer
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD-LabelPrint
Cisco WebEx Meetings
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Click to Disc
Click to Disc Editor
Corel WinDVD
D3DX10
Disc2Phone
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dropbox
DSD Direct
DSD Direct Player
DSD Playback Plug-in
Evernote v. 4.5.10
Garmin BaseCamp
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GearDrvs
Google Chrome
Google Desktop
Google Drive
Google Earth
Google Update Helper
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
IDT Audio
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Junk Mail filter update
Kobo
Mahjong Towers Eternity (remove only)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Media Go
Media Go Video Playback Engine 1.96.112.08260
Mesh Runtime
Messenger Companion
Metalogic Finance Explorer 4.0.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Mobile Mouse Server
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Club VAIO
MyPoi Manager
Mystery Case Files - Prime Suspects (remove only)
Norton 360
NVIDIA Drivers
Off-Helper 3.03
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.3
Picasa 3
PlayStation(R)Network Downloader
PlayStation(R)Store
PrimoPDF -- brought to you by Nitro PDF Software
PS3 Media Server
PURE Flow Server
QuickTime
Quo v2
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.92
Roxio Activation Module
Roxio Easy Media Creator Home
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Setting Utility Series
Shockwave
Sid Meier's Civilization 4 Complete
Sierra Utilities
Skype™ 6.0
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson Update Engine
Sony PC Companion 2.10.115
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Symyx Draw 4.0.100
System Requirements Lab
Uniblue ProcessQuickLink 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO BD Menu Data
VAIO Camera Capture Utility
VAIO Content Folder Setting
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO Database Converter 1.0
VAIO Database Converter Ver 1.0
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
Vaio Marketing Tools
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story 1.3 Upgrade
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Settings
VAIO Power Management
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Virtual Villagers (remove only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VU5x86
WD SmartWare
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 17.0
Yahoo! Detect
.
==== End Of File ===========================
STIG_DH
Member with 58 posts.
THREAD STARTER
 
Join Date: Jan 2013
25-Jan-2013, 03:18 PM #2
ark.txt follow-on
and the GMER ark.txt logfile.......

NB this was scanned with IAT/EAT unchecked


ark.txt log file

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-25 18:28:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST350083 rev.3.AA 465.76GB
Running: 3dv0l9nk.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EF264BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E9B5C22]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E8DC0DA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EF31FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EF31FF4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E8DCCA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EF32176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EF31F16]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x89172EEE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x891730E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E9B5FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EF31F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8EF2711C]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThreadEx [0x891D56C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EF32130]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x891732E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8EF2793E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EF26508]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E8DCEB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E8E0714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E8E0756]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E9B5CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E9B43EC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E8E08FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EF26556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EF2B534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EF283A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EF31FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EF32016]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E8DCDCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EF3219A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EF31F3C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8E8DC282]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EF320BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EF31F86]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E8DC482]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EF32154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E9B5E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EF28272]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E8E085E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8EF27F86]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E8E07A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E8E07EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E8E0824]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EF265A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EF265F2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E8DC068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E8DCF6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EF261FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EF263AA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E8E069C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EF26350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8EF27AF8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8E8DBFE6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EF2641A]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x89172B5C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8E8DBF46]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E9B441C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EF26640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E9B5D96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83042A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307C4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83083500 4 Bytes [BA, 64, F2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83083528 4 Bytes [22, 5C, 9B, 8E] {AND BL, [EBX+EBX*4-0x72]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83083588 4 Bytes [DA, C0, 8D, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830835DC 16 Bytes [A8, 1F, F3, 8E, F4, 1F, F3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83083604 4 Bytes [16, 1F, F3, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83211C88 5 Bytes JMP 8E9CBCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8322A2B0 5 Bytes JMP 8E9CD828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323F3F7 4 Bytes CALL 8EF28A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325920E 4 Bytes CALL 8EF28AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91211360, 0x35B0A2, 0xE8000020]
? C:\Users\David\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes [E9, 0A, 5C, 2E, 8A] {JMP 0x8a2e5c0f}
.text user32.dll!UnhookWinEvent 7601B750 5 Bytes [E9, A7, 4C, 2E, 8A] {JMP 0x8a2e4cac}
.text user32.dll!SetWindowsHookExW 7601E30C 5 Bytes [E9, F3, 24, 2E, 8A] {JMP 0x8a2e24f8}
.text user32.dll!SetWinEventHook 760224DC 5 Bytes [E9, 17, DD, 2D, 8A] {JMP 0x8a2ddd1c}
.text user32.dll!SetWindowsHookExA 76046D0C 5 Bytes [E9, EF, 98, 2B, 8A] {JMP 0x8a2b98f4}
.text kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text sechost.dll!SetServiceObjectSecurity 75825181 5 Bytes [E9, 8E, BE, AC, 8A] {JMP 0x8aacbe93}
.text sechost.dll!ChangeServiceConfigA 75825254 5 Bytes [E9, AB, B5, AC, 8A] {JMP 0x8aacb5b0}
.text sechost.dll!ChangeServiceConfigW 758253D5 5 Bytes [E9, 2E, B6, AC, 8A] {JMP 0x8aacb633}
.text sechost.dll!ChangeServiceConfig2A 758254C2 5 Bytes [E9, 45, B7, AC, 8A] {JMP 0x8aacb74a}
.text sechost.dll!ChangeServiceConfig2W 758255E2 5 Bytes [E9, 29, B8, AC, 8A] {JMP 0x8aacb82e}
.text sechost.dll!CreateServiceA 7582567C 5 Bytes [E9, 77, AB, AC, 8A] {JMP 0x8aacab7c}
.text sechost.dll!CreateServiceW 7582589F 5 Bytes [E9, 58, AB, AC, 8A] {JMP 0x8aacab5d}
.text sechost.dll!DeleteService 75825A22 5 Bytes [E9, D9, AB, AC, 8A] {JMP 0x8aacabde}
STIG_DH
Member with 58 posts.
THREAD STARTER
 
Join Date: Jan 2013
25-Jan-2013, 03:24 PM #3
more of ark.txt (part 2)
....hopefully


---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\svchost.exe[420] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\Network Utility\NSUService.exe[444] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[552] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text ...
.text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000803FC
.text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft Device Center\itype.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00150A08
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00150804
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] ntdll.dll!KiUserApcDispatcher 77176F38 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!gethostbyname 77297673 5 Bytes JMP 71AE0022
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[956] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\rundll32.exe[1032] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC
.text C:\Windows\System32\rundll32.exe[1032] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
.text C:\Windows\System32\rundll32.exe[1032] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] ntdll.dll!KiUserApcDispatcher 77176F38 5 Bytes JMP 0043A7C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] WS2_32.dll!gethostbyname 77297673 5 Bytes JMP 71AE0022
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1304] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1452] kernel32.dll!SetUnhandledExceptionFilter 75C2F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600
.text C:\Windows\System32\spoolsv.exe[1596] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8
.text C:\Windows\notepad.exe[1620] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00240A08
.text C:\Windows\notepad.exe[1620] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002403FC
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00240804
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002401F8
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00240600
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1752] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1808] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1844] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 97, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76185738 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761857C9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 76185987 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 97, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 010603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 010601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 01180A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 011803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 01180804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 011801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 01180600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1864] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\stacsv.exe[1912] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1944] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000803FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000801F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000903FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00090804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000901F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00090600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002203FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00220804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002201F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00220600
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000A0A08
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000A03FC
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000A0804
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000A01F8
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000A0600
.text C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe[2136] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskeng.exe[2160] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00130600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, C7, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76186368 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761863F9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761865B7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, C7, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 010B03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 010B01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 01240A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 012403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 01240804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 012401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 01240600
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2220] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2296] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2428] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\taskeng.exe[2472] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskeng.exe[2472] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskeng.exe[2472] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2552] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2724] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2880] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00140600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, B4, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, B7, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, B4, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, B5, E6, 00] {TEST AL, 0xb5; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184458 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, B6, E6, 00] {TEST AL, 0xb6; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, B5, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, B6, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761844E9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, B4, E6, 00] {TEST AL, 0xb4; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761846A7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, B5, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, B6, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, B7, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00EB03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EB01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00ED0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00ED03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00ED0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00ED01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00ED0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00210A08
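The following is an added triage script for the GMER `.text` hook listing posted above; it is not part of STIG_DH's ark.txt and not GMER's own code. It parses the `.text <image>[pid] <module>!<export>[ + off] <addr> <n> Bytes <patch>` lines, groups them by hooked export across processes, and separates hooks that appear in almost every process from hooks confined to one image. The sample lines embedded in it are copied from the log; the coverage threshold and the low-16-bit trampoline heuristic are the example's own assumptions, and the script does not resolve which module sits behind a JMP or CALL target.

```python
"""Triage helper for GMER-style user-mode inline-hook listings.

Added example, not part of the poster's ark.txt or of the GMER tool. It parses
".text <image>[pid] <module>!<export>[ + off] <addr> <n> Bytes <patch>" lines
like those in the log above, groups them by hooked export, and separates hooks
present in almost every process from hooks confined to one or two. This is a
triage aid only: attributing a hook to a product or to malware needs the module
behind the JMP/CALL target, which this script does not resolve.
"""
import re
from collections import defaultdict

# Sample lines copied from the log above (pids and addresses as posted).
SAMPLE_LOG = r"""
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8
.text C:\Windows\notepad.exe[1620] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00240600
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76185738 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 010601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 01180600
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
"""

# One GMER user-mode hook line. The image path may contain spaces; the
# optional "+ off" is a hex offset into the export; the patch is free text.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)"
    r"(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>.+)$"
)


def classify_patch(patch):
    """Return (kind, target): JMP/CALL detour address, raw BYTES, or OTHER."""
    if patch.startswith("JMP "):
        return "JMP", patch.split()[1]
    if patch.startswith("CALL "):
        return "CALL", patch.split()[1]
    m = re.match(r"\[([0-9A-Fa-f, ]+)\]", patch)
    if m:
        return "BYTES", m.group(1).replace(" ", "")
    return "OTHER", patch


def parse_log(text):
    """Parse every .text hook line into a dict; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        kind, target = classify_patch(d["patch"])
        key = f"{d['module'].lower()}!{d['export']}"   # normalise KERNEL32/kernel32
        if d["offset"]:
            key += f"+{d['offset'].upper()}"
        hooks.append({"image": d["image"], "pid": int(d["pid"]), "hook": key,
                      "addr": int(d["addr"], 16), "size": int(d["size"]),
                      "kind": kind, "target": target})
    return hooks


def summarize(hooks):
    """Per hooked export: process count, share of hooked processes, patch kinds."""
    all_pids = {h["pid"] for h in hooks}
    by_hook = defaultdict(lambda: {"pids": set(), "kinds": set(), "targets": set()})
    for h in hooks:
        e = by_hook[h["hook"]]
        e["pids"].add(h["pid"]); e["kinds"].add(h["kind"]); e["targets"].add(h["target"])
    return {name: {"processes": len(e["pids"]),
                   "coverage": len(e["pids"]) / len(all_pids),
                   "kinds": sorted(e["kinds"]),
                   "distinct_targets": len(e["targets"])}
            for name, e in by_hook.items()}


def systemwide_hooks(report, min_coverage=0.75):
    """Hooks present in at least min_coverage of the hooked processes (assumed cut-off)."""
    return sorted(n for n, e in report.items() if e["coverage"] >= min_coverage)


def process_specific(hooks, max_processes=1):
    """Hooks seen in no more than max_processes distinct processes -> their images."""
    seen = defaultdict(dict)
    for h in hooks:
        seen[h["hook"]][h["pid"]] = h["image"]
    return {n: sorted(set(p.values())) for n, p in seen.items() if len(p) <= max_processes}


def jmp_low16(hooks):
    """For each JMP hook, the set of low 16 bits of its targets across processes.
    One value per hook (targets differ only in the upper bits, e.g. 000701F8 vs
    010601F8) is consistent with a single injected module using a per-process
    trampoline allocation. Heuristic only, not proof of a shared origin."""
    out = defaultdict(set)
    for h in hooks:
        if h["kind"] == "JMP":
            out[h["hook"]].add(int(h["target"], 16) & 0xFFFF)
    return dict(out)


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    report = summarize(hooks)
    print("system-wide:", systemwide_hooks(report))
    print("process-specific:", process_specific(hooks))
    print("JMP low16:", {k: sorted(hex(v) for v in s) for k, s in jmp_low16(hooks).items()})
```

Run over the full ark.txt instead of the embedded sample, the script separates the set that recurs in nearly every listed process (the ntdll Ldr* detours, the USER32 hook-management exports, the one-byte GetBinaryTypeW+70 patch) from the chrome.exe-only Nt* stub patches and the single realsched.exe SetUnhandledExceptionFilter patch. The listing itself never names the module that installed a hook, so which product or component is responsible is not something this log alone settles; dumping the module at the JMP target in one of the affected processes is the next step.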
STIG_DH
25-Jan-2013, 03:25 PM #4
more of ark.txt (part 3)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00210600
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, C7, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76183468 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761834F9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761836B7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, C7, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00E103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00E101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00E20A08
STIG_DH
Member with 58 posts.
THREAD STARTER
Join Date: Jan 2013
25-Jan-2013, 03:27 PM #5
more of ark.txt (part 4)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, DA, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, DB, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00DC03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00DC01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00DE0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00DE03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00DE0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00DE01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00DE0600
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5404] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000D03FC
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000D01F8
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe[5452] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[5488] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[5488] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[5488] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5488] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[5488] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[5488] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[5488] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[5488] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\conhost.exe[5520] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000B03FC
.text C:\Windows\system32\conhost.exe[5520] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000B01F8
.text C:\Windows\system32\conhost.exe[5520] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\conhost.exe[5520] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\conhost.exe[5520] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\conhost.exe[5520] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\conhost.exe[5520] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\conhost.exe[5520] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5548] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00140600
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001F01F8
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
.text C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe[5576] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, A4, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, A7, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, A4, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, A5, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76181A48 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, A6, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, A5, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, A6, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76181AD9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, A4, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 76181C97 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, A5, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, A6, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, A7, BC, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00C903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00C901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00CB0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00CB03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00CB0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00CB01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00CB0600
.text C:\Windows\system32\NOTEPAD.EXE[6496] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\NOTEPAD.EXE[6496] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\NOTEPAD.EXE[6496] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[6496] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\NOTEPAD.EXE[6496] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\NOTEPAD.EXE[6496] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\NOTEPAD.EXE[6496] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\NOTEPAD.EXE[6496] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6728] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00300A08
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 003003FC
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00300804
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 003001F8
.text C:\Users\David\Downloads\3dv0l9nk.exe[6788] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00300600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, D8, 8B, 00] {SUB AL, BL; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, DB, 8B, 00] {SUB BL, BL; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, D8, 8B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, D9, 8B, 00] {TEST AL, 0xd9; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, DA, 8B, 00] {TEST AL, 0xda; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, D9, 8B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, DA, 8B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, D8, 8B, 00] {TEST AL, 0xd8; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, D9, 8B, 00] {SUB CL, BL; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, DA, 8B, 00] {SUB DL, BL; MOV EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, DB, 8B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 009803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 009801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 009A0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 009A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 009A0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 009A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6872] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 009A0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 7C, 77, 00] {SUB [EDI+ESI*2+0x0], BH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 7F, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 7C, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 7D, 77, 00] {TEST AL, 0x7d; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 7E, 77, 00] {TEST AL, 0x7e; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 7D, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 7E, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 7C, 77, 00] {TEST AL, 0x7c; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 7D, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 7E, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 7F, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 008403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 008401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00860A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 008603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00860804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 008601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7128] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00860600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 98, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 9B, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 98, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 99, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 7618053C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 9A, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 99, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 9A, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761805CD C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 98, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 7618078B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 99, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 9A, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 9B, A7, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00AD03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00AD01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00AF0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00AF03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00AF0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00AF01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00AF0600
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!NtMapViewOfSection 77175C28 5 Bytes JMP 719F0022
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!KiUserApcDispatcher + E 77176F46 5 Bytes JMP 0121E740 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateProcessW 75BE204D 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateNamedPipeW 75C12D97 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!GetQueuedCompletionStatus 75C14E90 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateIoCompletionPort 75C18ED1 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!ReadFile 75C29BAE 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CloseHandle 75C2E868 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!WriteFile 75C353EE 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CancelIo 75C412BE 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 716B0022
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] GDI32.dll!BitBlt 75E272C0 6 Bytes PUSH 71890022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] GDI32.dll!StretchDIBits 75E2A53E 6 Bytes PUSH 71850022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetParent 76018314 6 Bytes PUSH 717B0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!CreateWindowExA 7601BF40 6 Bytes JMP 7192000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00110804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!CreateWindowExW 7601EC7C 6 Bytes JMP 7196000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!RegisterClassW 7601ED4A 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!ShowWindow 7601F2A9 6 Bytes PUSH 71730022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!RegisterClassExW 76020162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowLongW 76024449 6 Bytes PUSH 71770022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!PeekMessageW 7602634A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!TranslateMessage 760264C7 6 Bytes PUSH 716F0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetClipboardData 76032BA7 6 Bytes PUSH 71810022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00110600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] CRYPT32.dll!CertVerifyCertificateChainPolicy 7543A74E 6 Bytes PUSH 718D0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ADVAPI32.dll!CreateProcessAsUserW 772CC592 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 5C, E4, 00] {SUB [ESP+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 5F, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 5C, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 5D, E4, 00] {TEST AL, 0x5d; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184200 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 5E, E4, 00] {TEST AL, 0x5e; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 5D, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 5E, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76184291 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 5C, E4, 00] {TEST AL, 0x5c; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 7618444F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 5D, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 5E, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 5F, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00EA03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EA01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00EC0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00EC03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00EC0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00EC01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00EC0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600

---- EOF - GMER 2.0 ----

(maybe I should have used an attachment after all......)
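Reading a GMER user-mode hook section like the one above by hand is slow: every line is an inline patch in a loaded DLL, and GMER only names the owner of the patch when it can map the target address to a module (here Trusteer's rooksdol.dll and SHELL32.dll); the JMP and PUSH/RET entries with bare addresses are the ones that need chasing. The Python below is an added example, not part of the log or of any tool mentioned in this thread. It parses lines in that format, counts attributed versus unattributed patches per process, flags hooks on functions an analyst cares about, and groups unattributed hooks that share the same function and the same low 16 bits of target address across processes, which usually indicates one common injector rather than several. The sample lines are constructed from the log above; KNOWN_HOOKERS and SENSITIVE_FUNCS are the analyst's own lists, not GMER data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: eleven lines in the format of the GMER 2.0 user-mode hook
# section above (process paths, PIDs and addresses copied from that log).
SAMPLE_LOG = r"""
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!NtMapViewOfSection 77175C28 5 Bytes JMP 719F0022
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!KiUserApcDispatcher + E 77176F46 5 Bytes JMP 0121E740 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateProcessW 75BE204D 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] CRYPT32.dll!CertVerifyCertificateChainPolicy 7543A74E 6 Bytes PUSH 718D0022; RET
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 5C, E4, 00] {SUB [ESP+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184200 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EA01F8
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
"""

# One GMER hook line: ".text <process>[<pid>] <module>!<func>[ + <off>] <addr> <n> Byte(s) <patch>"
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-F]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
# Patch forms that transfer control: "JMP <target> [owner (vendor)]", "CALL <target> ...",
# "PUSH <target>; RET". Anything else (raw byte lists) is treated as an opaque byte patch.
PATCH_RE = re.compile(
    r"^(?P<kind>JMP|CALL|PUSH)\s+(?P<target>[0-9A-F]{8})(?:;\s*RET)?"
    r"(?:\s+(?P<owner>[^(]+?)\s*\((?P<vendor>[^)]*)\))?\s*$"
)

# Assumptions: the analyst's own allowlist of hook owners and list of functions worth a look.
KNOWN_HOOKERS = {"rooksdol.dll": "Trusteer Rapport", "shell32.dll": "Windows Shell"}
SENSITIVE_FUNCS = {
    "CertVerifyCertificateChainPolicy", "getaddrinfo", "LdrLoadDll", "CreateProcessW",
    "CreateProcessAsUserW", "NtCreateFile", "GetClipboardData",
}


def parse_gmer_hooks(text):
    """Return one dict per recognised hook line; unrecognised lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["kind"], h["target"], h["owner"], h["vendor"] = "bytes", None, None, None
        pm = PATCH_RE.match(h["patch"])
        if pm:
            h["kind"] = "PUSH/RET" if pm["kind"] == "PUSH" else pm["kind"]
            h["target"] = int(pm["target"], 16)
            if pm["owner"]:
                h["owner"] = pm["owner"].strip().rsplit("\\", 1)[-1].lower()
                h["vendor"] = pm["vendor"]
        hooks.append(h)
    return hooks


def triage(hooks):
    """Per-process counts, hook owners, sensitive functions, and shared-injector signatures."""
    per_proc = defaultdict(lambda: {"attributed": 0, "unattributed": 0, "bytes": 0})
    owners = Counter()
    sig_procs = defaultdict(set)  # (function, low 16 bits of target) -> processes
    sensitive = []
    for h in hooks:
        proc = "%s[%d]" % (h["proc"].rsplit("\\", 1)[-1], h["pid"])
        if h["kind"] == "bytes":
            per_proc[proc]["bytes"] += 1
            continue
        if h["owner"]:
            per_proc[proc]["attributed"] += 1
            owners[h["owner"]] += 1
        else:
            per_proc[proc]["unattributed"] += 1
            sig_procs[(h["func"], h["target"] & 0xFFFF)].add(proc)
        if h["func"] in SENSITIVE_FUNCS:
            sensitive.append((proc, h["module"] + "!" + h["func"], h["owner"] or "unattributed"))
    common = {sig: sorted(p) for sig, p in sig_procs.items() if len(p) >= 2}
    unknown_owners = sorted(o for o in owners if o not in KNOWN_HOOKERS)
    return {"per_process": dict(per_proc), "owners": dict(owners),
            "unknown_owners": unknown_owners, "common_injector": common, "sensitive": sensitive}


if __name__ == "__main__":
    result = triage(parse_gmer_hooks(SAMPLE_LOG))
    for proc, counts in result["per_process"].items():
        print(proc, counts)
    print("owners:", result["owners"], "unknown:", result["unknown_owners"])
    print("same hook in several processes:", result["common_injector"])
    for entry in result["sensitive"]:
        print("sensitive:", entry)
```

This is a triage aid, not a verdict: a hook attributed to a signed security product is expected, and an unattributed one can still belong to a legitimate sandbox or protection DLL that GMER did not resolve. The output tells you which few entries to investigate (what module is mapped at the target address, who signed it) instead of reading every line.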
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
27-Jan-2013, 06:56 AM #6
Bump
Not sure if computer performance is related to PUP:mywebsearch or other issues, but the ability to use browsers has become more frustrating, even since the first post.

Thanks for any help or advice you can provide
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
29-Jan-2013, 05:36 AM #7
Have I been overlooked?
Hi
I've not had a response yet - and it may be because of the manner in which I have presented my problem (i.e. posting all necessary log files across 4 posts).

If my (assumed) problem isn't relevant for this forum, please let me know

Thanks in advance
kevinf80 (Kevin), Malware Removal Specialist with 9,586 posts, authorized to help remove malware (joined Mar 2006; Sunderland UK; Experience: Intermediate)
29-Jan-2013, 06:09 AM #8
Download http://general-changelog-team.fr/fr/...e/2-adwcleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/comb...o-use-combofix if required.
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
29-Jan-2013, 02:11 PM #9
Partial Response - ComboFix infected on bleepingcomputer site
Kevin

I can only provide a partial response for now.
Bleeping Computer have suffered from an infected ComboFix (Sality virus) and have pulled the application from their site today.

They also advise users on steps to take if they have used a recent ComboFix (which is likely to be infected):
http://www.bleepingcomputer.com/forums/topic483431.html

Hope this is helpful - I guess you guys will experience some outcomes from this.

Here is my first log

David


# AdwCleaner v2.109 - Logfile created 01/29/2013 at 16:58:19
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Askcom.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Conduit.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\David\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.userId", "{9c4ce659-37b7-47a0-8efc-2153ff9218e9}");
Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.bbc.co.uk/\",\"title\":\"BBC - Homepa[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Free Radio TV Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE1[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg[...]
Deleted : user_pref("extensions.opensearch@ask.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&m[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7240 octets] - [29/01/2013 16:58:19]

########## EOF - C:\AdwCleaner[S1].txt - [7300 octets] ##########
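AdwCleaner's Firefox section above deleted user.js and a set of user_pref entries. Firefox reads user.js at every start and copies its values over prefs.js, which is why toolbars plant their homepage, default search and keyword.URL settings there and why editing prefs.js alone does not stick. The Python below is an added example, not AdwCleaner's or Firefox's code: it parses both files, applies user.js on top of prefs.js the way Firefox does, and reports watched preferences that point anywhere other than a host or engine on the analyst's own allowlist. The sample preference lines are constructed to resemble the entries in the log above (tracking IDs shortened, URLs left defanged as hxxp); URL_PREFS, ENGINE_PREFS, HIJACKER_PREFIXES, TRUSTED_HOSTS and TRUSTED_ENGINES are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample profile, modelled on the AdwCleaner log above (not the real files).
PREFS_JS = r"""
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.newtabpage.pinned", "[{\"url\":\"http://www.bbc.co.uk/\",\"title\":\"BBC - Homepage\"}]");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
"""
USER_JS = r"""
user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid=EXAMPLE-CID&lang=en&sap=hp");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT0000000");
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=EXAMPLE-CID&q=");
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("extensions.opensearch@ask.com.install-event-fired", true);
"""

# Matches: user_pref("name", <value>);  where <value> is JSON-like (string, bool, number)
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

# Analyst's own lists (assumptions, not Firefox or AdwCleaner data):
URL_PREFS = {"browser.startup.homepage", "browser.search.defaulturl", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
HIJACKER_PREFIXES = ("extensions.mywebsearch.", "CommunityToolbar.", "extensions.opensearch@ask.com")
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
TRUSTED_ENGINES = {"Google", "Bing", "DuckDuckGo"}


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; values decode as JSON."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            prefs[m["name"]] = json.loads(m["value"])
        except ValueError:
            prefs[m["name"]] = m["value"]  # keep odd values verbatim rather than drop them
    return prefs


def effective_prefs(prefs_js, user_js):
    """user.js is re-applied on every Firefox start, so its values override prefs.js."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def url_host(value):
    """Hostname of an http(s) URL, accepting the hxxp defanging used in removal logs."""
    if not isinstance(value, str):
        return None
    refanged = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    parts = urlsplit(refanged)
    return parts.hostname if parts.scheme in ("http", "https") else None


def find_hijacks(prefs):
    """List (pref name, reason) for every watched pref that is not on the allowlist."""
    findings = []
    for name, value in prefs.items():
        if name.startswith(HIJACKER_PREFIXES):
            findings.append((name, "toolbar/hijacker namespace"))
        elif name in URL_PREFS:
            host = url_host(value)
            if host not in TRUSTED_HOSTS:
                findings.append((name, "points at %s" % (host or repr(value))))
        elif name in ENGINE_PREFS and value not in TRUSTED_ENGINES:
            findings.append((name, "default engine %r" % value))
    return findings


if __name__ == "__main__":
    print("prefs.js alone:")
    for name, why in find_hijacks(parse_prefs(PREFS_JS)):
        print("  ", name, "->", why)
    print("with user.js applied (what the user actually gets):")
    for name, why in find_hijacks(effective_prefs(PREFS_JS, USER_JS)):
        print("  ", name, "->", why)
```

Run against a real profile by reading prefs.js and user.js from the profile folder named in the log; a clean result after cleanup is the check that the removal stuck, and the pref names it reports are the ones to re-check after the next browser start.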
kevinf80 (Kevin), Malware Removal Specialist with 9,586 posts, authorized to help remove malware (joined Mar 2006; Sunderland UK; Experience: Intermediate)
29-Jan-2013, 02:58 PM #10
Yep Combofix is on hold until the Developer gives us the all clear. For now run the following and post its log...

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Kevin
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
29-Jan-2013, 03:53 PM #11
RogueKiller
Hmmm,
I got as far as running the scan following your instruction precisely.
Then got an error message saying windows stopped running RogueKiller.

Thought I would ask you first before I tried again.....?
D
kevinf80 (Kevin), Malware Removal Specialist with 9,586 posts, authorized to help remove malware (joined Mar 2006; Sunderland UK; Experience: Intermediate)
29-Jan-2013, 04:00 PM #12
Run ESET online AV scan, see what that log turns up...

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
close program
copy and paste the report here

Kevin...
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
29-Jan-2013, 06:54 PM #13
ESET Scan
Kevin

2 threats found. I think I know the source of both of them.
I used HFS for a while to wirelessly convey pictures from the PC to the TV (by way of the PS3)
I just downloaded a trial version of WinZip a couple of days ago (but since the PC slow-down)

I am happy to remove either/both


ESET SCAN

C:\Users\David\Downloads\hfs.exe a variant of Win32/Server-Web.HFS.A application
C:\Users\David\Downloads\WinZip170.exe a variant of Win32/OpenInstall application

David
kevinf80 (Kevin), Malware Removal Specialist with 9,586 posts, authorized to help remove malware (joined Mar 2006; Sunderland UK; Experience: Intermediate)
30-Jan-2013, 03:53 AM #14
Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

Code:
@echo off
rem /f forces deletion of read-only files, /q suppresses the confirmation prompt,
rem /s also removes any same-named file found in subfolders of the given directory
del /f /s /q "C:\Users\David\Downloads\hfs.exe"
del /f /s /q "C:\Users\David\Downloads\WinZip170.exe"
rem finally remove this batch file itself
del %0
Save the Notepad file on your desktop as delfile.bat, with save type set to "All Files".
It should look like this: [screenshot: XP] [screenshot: Vista or Windows 7]
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found, will have been deleted, and the "delfile.bat" file will also be deleted.

Next,

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Let me see those logs please, also give an update on current issues or concerns..

Kevin
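A Python stand-in for the delfile.bat step above, added here and not part of Kevin's instructions: before deleting the two Downloads files that ESET flagged, it records each file's size and SHA-256 in a JSON-lines manifest so the samples can still be looked up or reported later, deletes only the exact paths named (no recursion into subfolders, unlike `del /s`), and verifies that each file is actually gone. The file names match the ESET report; the file contents and the temporary directory in demo() are constructed so the example runs anywhere.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Stream the file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_then_delete(paths, manifest_path):
    """For each exact path: record size + SHA-256, delete, confirm removal.

    Missing files are logged as "not found" rather than treated as errors, and
    every record is appended to a JSON-lines manifest before the function returns.
    """
    records = []
    for path in paths:
        rec = {"path": path, "time": datetime.now(timezone.utc).isoformat()}
        if not os.path.isfile(path):
            rec["status"] = "not found"
        else:
            rec["size"] = os.path.getsize(path)
            rec["sha256"] = sha256_file(path)
            os.remove(path)
            rec["status"] = "deleted" if not os.path.exists(path) else "delete failed"
        records.append(rec)
    with open(manifest_path, "a", encoding="utf-8") as f:
        for rec in records:
            f.write(json.dumps(rec) + "\n")
    return records


def read_manifest(manifest_path):
    with open(manifest_path, encoding="utf-8") as f:
        return [json.loads(line) for line in f if line.strip()]


def demo():
    """Constructed stand-ins for the two Downloads files, created in a temp directory."""
    tmp = tempfile.mkdtemp()
    samples = {"hfs.exe": b"MZ constructed hfs sample",
               "WinZip170.exe": b"MZ constructed winzip sample"}
    targets = []
    for name, body in samples.items():
        p = os.path.join(tmp, name)
        with open(p, "wb") as f:
            f.write(body)
        targets.append(p)
    manifest = os.path.join(tmp, "deleted-files.jsonl")
    # A third path that does not exist shows the "not found" handling.
    records = hash_then_delete(targets + [os.path.join(tmp, "missing.exe")], manifest)
    return {"records": records,
            "remaining": [p for p in targets if os.path.exists(p)],
            "manifest": read_manifest(manifest)}


if __name__ == "__main__":
    for rec in demo()["records"]:
        print(rec["status"], rec["path"], rec.get("sha256", ""))
```

On the real machine, call hash_then_delete with the two full paths from the ESET report and a manifest file outside the Downloads folder; the recorded hashes let you check later which bundler the WinZip download carried without having kept the file.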
STIG_DH, thread starter, Member with 58 posts (joined Jan 2013)
30-Jan-2013, 05:30 AM #15
Log file from OTL
Kevin

as requested in your last post this morning. I will try to send it in 2 successive files, as I continue to experience a problem in previewing or sending this post: it seems to take too long to submit / accept and then I get timed out (a symptom of my general problems, if not imposed by a text file limit on your forum).

I will send on the Extras log file, then reboot the PC and report more fully what I see w.r.t. performance etc. in ca. 30 mins.
Thanks

David



OTL.txt log file

OTL logfile created on: 30/01/2013 08:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
Windows 7 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.64% Memory free
4.00 Gb Paging File | 1.79 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 304.50 Gb Free Space | 66.95% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2013/01/18 08:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/16 11:17:16 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/10 15:58:22 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/10 15:48:32 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/01/10 15:48:30 | 011,771,744 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2013/01/04 22:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 18:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2012/06/26 20:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\ipoint.exe
PRC - [2012/06/26 20:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\itype.exe
PRC - [2011/08/08 11:12:42 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:14 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/11/05 07:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/29 17:04:49 | 000,086,016 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_elementtree.pyd
MOD - [2013/01/29 17:04:49 | 000,040,448 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_socket.pyd
MOD - [2013/01/29 17:04:48 | 001,024,616 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\windows._cacheinvalidation.pyd
MOD - [2013/01/29 17:04:48 | 000,792,576 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
MOD - [2013/01/29 17:04:48 | 000,571,392 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
MOD - [2013/01/29 17:04:48 | 000,263,168 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
MOD - [2013/01/29 17:04:48 | 000,153,088 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pyexpat.pyd
MOD - [2013/01/29 17:04:48 | 000,096,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32api.pyd
MOD - [2013/01/29 17:04:48 | 000,070,656 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._html2.pyd
MOD - [2013/01/29 17:04:48 | 000,023,040 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32ts.pyd
MOD - [2013/01/29 17:04:48 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32profile.pyd
MOD - [2013/01/29 17:04:48 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32crypt.pyd
MOD - [2013/01/29 17:04:47 | 000,731,136 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
MOD - [2013/01/29 17:04:47 | 000,354,304 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pythoncom26.dll
MOD - [2013/01/29 17:04:47 | 000,073,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ctypes.pyd
MOD - [2013/01/29 17:04:46 | 001,169,408 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._core_.pyd
MOD - [2013/01/29 17:04:46 | 000,807,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
MOD - [2013/01/29 17:04:46 | 000,645,120 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ssl.pyd
MOD - [2013/01/29 17:04:46 | 000,311,808 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_hashlib.pyd
MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32security.pyd
MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\PyWinTypes26.dll
MOD - [2013/01/29 17:04:46 | 000,036,352 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32process.pyd
MOD - [2013/01/29 17:04:46 | 000,022,528 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32pdh.pyd
MOD - [2013/01/29 17:04:45 | 000,121,856 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
MOD - [2013/01/29 17:04:45 | 000,111,104 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32file.pyd
MOD - [2013/01/29 17:04:45 | 000,039,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32inet.pyd
MOD - [2013/01/29 17:04:44 | 001,056,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
MOD - [2013/01/29 17:04:44 | 000,585,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\unicodedata.pyd
MOD - [2013/01/29 17:04:44 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32event.pyd
MOD - [2013/01/29 17:04:44 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\select.pyd
MOD - [2013/01/18 08:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 08:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 08:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 08:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 08:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 08:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/11 10:28:47 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/29 11:50:00 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-51.dll
MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-54.dll
MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-54.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/27 22:17:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/14 13:19:56 | 000,025,600 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 18:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2013/01/29 19:48:54 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://club.vaio.sony.co.uk/clubva [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/14 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\piclens@cooliris.com
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2012/11/26 08:18:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/12/05 18:48:18 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/15 09:10:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/05 18:48:18 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/05 18:48:18 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/15 09:10:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/12/05 18:48:18 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk = C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe (PacketVideo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/01/29 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/25 15:38:20 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/25 15:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 08:20:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 08:20:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 08:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/30 08:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/29 19:48:54 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 17:04:31 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 17:03:24 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 15:36:26 | 000,086,586 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:45:56 | 000,063,511 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/29 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/28 18:18:30 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/25 09:10:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (weekly scan).job
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/20 13:27:36 | 000,007,605 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:12:15 | 000,001,049 | ---- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 22:19:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/29 19:48:53 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 14:51:52 | 000,086,586 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:44:12 | 000,063,511 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,605 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/11 10:12:15 | 000,001,049 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/02 09:14:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702 B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/29 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/29 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========



< End of report >