
Computer running slow...

Discussion in 'Virus & Other Malware Removal' started by DonnieR, Jan 18, 2013.

  1. DonnieR

    I've noticed my PC is running a little slow, esp. while I am on the internet; tabs open slow, pages load slow, etc.

    I think I have some malware/spyware issues.

    Thanks in advance!


    HiJack Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:03:26 PM, on 1/18/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Norton GoBack\GBPoll.exe
    C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\DS\dskl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxducoms.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Documents and Settings\Donnie\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\Donnie\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Norton GoBack\GBTray.exe
    C:\Documents and Settings\Donnie\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Donnie\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
    O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
    O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [dskl] C:\DS\dskl.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Donnie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Donnie\Local Settings\Application Data\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Donnie\Application Data\Spotify\Data\SpotifyWebHelper.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.youtube.com
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215652211593
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
    O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
    O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 19952 bytes


    -----------------
    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Donnie at 22:06:06 on 2013-01-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.426 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: User Protection *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Norton GoBack\GBPoll.exe
    C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\DS\dskl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxducoms.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Documents and Settings\Donnie\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\Donnie\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Norton GoBack\GBTray.exe
    C:\Documents and Settings\Donnie\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    uURLSearchHooks: {03402f96-3dc7-4285-bc50-9e81fefafe43} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\donnie\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Akamai NetSession Interface] "c:\documents and settings\donnie\local settings\application data\akamai\netsession_win.exe"
    uRun: [Spotify Web Helper] "c:\documents and settings\donnie\application data\spotify\data\SpotifyWebHelper.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [WINDVDPatch] CTHELPER.EXE
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [OWCWebCamDV] c:\windows\system\wcdvtray.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
    mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
    mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
    mRun: [dskl] c:\ds\dskl.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
    mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\donnie\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton goback\GBTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoCDBurning = dword:1
    mPolicies-Explorer: BackupNoCDBurning = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - <no file>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215652211593
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{5CEBA84A-7B8C-48E9-B923-387B1EFACEC8} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    AppInit_DLLs=
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\donnie\application data\mozilla\firefox\profiles\lhf0vqva.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\donnie\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\donnie\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\donnie\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\donnie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\donnie\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\donnie\local settings\application data\robloxversions\version-5fb0645efa584e24\NPRobloxProxy.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: !HIDDEN! 2009-09-01 18:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(protocol-handler.warn-external.dnUpdate, false);user_pref(extensions.autoDisableScopes, 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-12-25 10624]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 164832]
    R2 agentcd;DriverAgent Class Driver;c:\windows\system32\AgentCD.sys [2009-9-20 196096]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-12 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
    R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-5-11 98984]
    R2 Mojave;Dazzle Mojave Device;c:\windows\system32\drivers\Mojave.sys [2002-9-25 120352]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-9-17 212608]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys --> c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys --> c:\windows\system32\drivers\udfpt.sys [?]
    S3 vtdg46xx;vtdg46xx;\??\c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys --> c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [?]
    S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12672]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
    ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia extreme\digital theatre\uDTStart.exe" "%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-26 18:50:15 -------- d-----w- c:\program files\iPod
    2012-12-26 18:50:06 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-26 18:50:05 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2013-01-09 19:37:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 19:37:22 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    2012-10-22 19:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2010-10-09 23:40:03 1166003456 ----a-w- c:\program files\CombatArmsSetupV51.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    c:\windows\system32\drivers\GoBack2K.sys Symantec Corporation Norton GoBack
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A508AB8]
    3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000076[0x8A586F18]
    5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A53BD98]
    kernel: MBR read successfully
    _asm { CALL 0x56; }
    user != kernel MBR !!!
    .
    ============= FINISH: 22:08:00.46 ===============

    ATTACH LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/9/2008 7:53:27 PM
    System Uptime: 1/15/2013 6:17:33 PM (76 hours ago)
    .
    Motherboard: Intel Corporation | | D845PT
    Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | J1E1 | 1694/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 229.226 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 150 GiB total, 88.378 GiB free.
    G: is FIXED (NTFS) - 148 GiB total, 145.445 GiB free.
    H: is Removable
    I: is FIXED (NTFS) - 149 GiB total, 102.94 GiB free.
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1758: 10/23/2012 4:31:36 AM - System Checkpoint
    RP1759: 10/24/2012 5:28:10 AM - System Checkpoint
    RP1760: 10/27/2012 6:00:36 PM - Software Distribution Service 3.0
    RP1761: 10/28/2012 7:58:13 PM - System Checkpoint
    RP1762: 11/1/2012 1:15:32 PM - System Checkpoint
    RP1763: 11/3/2012 3:40:47 PM - Installed Java 7 Update 9
    RP1764: 11/12/2012 3:36:16 AM - System Checkpoint
    RP1765: 11/15/2012 6:01:44 PM - Software Distribution Service 3.0
    RP1766: 11/16/2012 10:04:23 PM - System Checkpoint
    RP1767: 11/17/2012 2:20:02 AM - Installed AVG PC TuneUp
    RP1768: 11/18/2012 10:45:03 PM - System Checkpoint
    RP1769: 11/20/2012 2:47:40 PM - System Checkpoint
    RP1770: 11/22/2012 10:25:34 PM - System Checkpoint
    RP1771: 11/24/2012 8:55:50 PM - System Checkpoint
    RP1772: 11/28/2012 2:29:42 AM - System Checkpoint
    RP1773: 12/10/2012 3:50:40 PM - Removed AVG PC TuneUp
    RP1774: 12/10/2012 3:55:11 PM - Removed AVG PC TuneUp Language Pack (en-US)
    RP1775: 12/12/2012 6:01:14 PM - Software Distribution Service 3.0
    RP1776: 12/13/2012 6:00:30 PM - Software Distribution Service 3.0
    RP1777: 12/14/2012 10:26:32 AM - Software Distribution Service 3.0
    RP1778: 12/14/2012 6:05:09 PM - Installed DirectX
    RP1779: 12/15/2012 5:09:41 PM - Installed AVG 2013
    RP1780: 12/15/2012 5:12:02 PM - Installed AVG 2013
    RP1781: 12/16/2012 10:55:00 AM - Software Distribution Service 3.0
    RP1782: 12/16/2012 8:26:38 PM - Removed Google Earth.
    RP1783: 12/17/2012 9:09:02 PM - System Checkpoint
    RP1784: 12/19/2012 4:04:34 AM - System Checkpoint
    RP1785: 12/21/2012 6:00:33 PM - Software Distribution Service 3.0
    RP1786: 12/22/2012 7:41:36 PM - System Checkpoint
    RP1787: 12/23/2012 10:08:10 PM - System Checkpoint
    RP1788: 12/24/2012 10:50:41 PM - System Checkpoint
    RP1789: 12/26/2012 4:54:49 AM - System Checkpoint
    RP1790: 12/26/2012 12:11:33 PM - Removed iTunes
    RP1791: 12/26/2012 12:47:46 PM - Installed iTunes
    RP1792: 12/27/2012 1:21:34 PM - System Checkpoint
    RP1793: 12/28/2012 3:43:48 PM - System Checkpoint
    RP1794: 12/29/2012 4:27:37 PM - System Checkpoint
    RP1795: 12/30/2012 7:43:27 PM - System Checkpoint
    RP1796: 12/31/2012 10:58:21 PM - System Checkpoint
    RP1797: 1/1/2013 11:03:49 PM - System Checkpoint
    RP1798: 1/3/2013 5:51:02 AM - System Checkpoint
    RP1799: 1/4/2013 12:51:56 PM - System Checkpoint
    RP1800: 1/4/2013 6:00:33 PM - Software Distribution Service 3.0
    RP1801: 1/7/2013 12:58:36 AM - System Checkpoint
    RP1802: 1/7/2013 7:16:56 AM - System Checkpoint
    RP1803: 1/7/2013 6:02:20 PM - Software Distribution Service 3.0
    RP1804: 1/8/2013 7:47:37 PM - System Checkpoint
    RP1805: 1/9/2013 3:13:57 PM - Software Distribution Service 3.0
    RP1806: 1/10/2013 3:23:14 PM - System Checkpoint
    RP1807: 1/11/2013 4:34:40 PM - System Checkpoint
    RP1808: 1/12/2013 5:37:53 PM - System Checkpoint
    RP1809: 1/12/2013 6:00:24 PM - Software Distribution Service 3.0
    RP1810: 1/13/2013 6:42:57 PM - System Checkpoint
    RP1811: 1/14/2013 7:22:04 PM - System Checkpoint
    RP1812: 1/15/2013 6:00:30 PM - Software Distribution Service 3.0
    RP1813: 1/16/2013 6:09:52 PM - System Checkpoint
    RP1814: 1/17/2013 7:04:54 PM - System Checkpoint
    RP1815: 1/18/2013 7:15:54 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Acronis*Disk Director Suite
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Acrobat 5.0
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS3
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS3
    Adobe Extension Manager CS4
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader X (10.1.5)
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    AHV content for Acrobat and Flash
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Any Video Converter 3.2.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    ArcSoft TotalMedia Extreme
    Ask Toolbar
    Ask Toolbar Updater
    Audacity 2.0
    Avery Template
    AVG 2013
    Bing Bar
    Bonjour
    CCleaner
    Conexant HSF V92 56K Data Fax PCI Modem
    ConvertHelper 2.2
    Cool 3GP To MPEG Converter 1.0
    Cool FLV To MPEG Converter 1.0
    Cool MOV To MPEG Converter 1.0
    Cool VOB To MPEG Converter 1.0
    Defraggler
    DesignPro 5.4 Limited Edition
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DVD Architect Pro 5.2
    Finale NotePad 2012
    FLV Converter 3.2
    FTP Commander
    FVD Suite 3.0.0
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.0.0.320
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    iLivid
    InstallMgr
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    JavaFX 2.1.1
    Lexmark 5600-6600 Series
    Lexmark Fax Solutions
    Lexmark Printable Web
    Lexmark Toolbar
    Lexmark Tools for Office
    LiveUpdate 2.5 (Symantec Corporation)
    MahJongg Solitaire 3D
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office FrontPage 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows Media Video 9 VCM
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 4.0
    Move Media Player
    Movie Studio Pro Hardware
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPlugin_USA
    MSN
    MSN Toolbar
    MSVCRT Redists
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Norton GoBack 4.02 (Symantec Corporation)
    NVIDIA Display Driver
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Open Yahtzee
    Pando Media Booster
    PDF Settings
    Photoshop Camera Raw
    QuickTime
    Recuva
    Roxio Easy Media Creator 8 Suite
    Sea Battle
    Seagate*DiscWizard
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB982132)
    Shareaza 2.4.0.0
    SmartMusic 2011
    SOAP3 and XML4
    SoftV90 Data Fax Modem
    Sony ACID Music Studio 7.0
    Sony DVD Architect 4.0
    Sony Media Manager 2.2
    Sony Vegas 7.0
    Sound Blaster Live! Web 2K/XP
    Spotify
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    swMSM
    System Requirements Lab
    TWC User Controls
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB971029)
    VASST PIPSelection 1.2.0
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    Web-Based Email Tools
    WebFldrs XP
    Windows Defender
    Windows Driver Package - MARS (MR97310_USB_DUAL_CAMERA) Image (12/03/2002 1.2.9.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinZip 11.2
    Xara Dreamweaver Extension 1.02
    Xara FrontPage Add-in 1.01
    Xara Webstyle 4
    Xara Xtreme 3.2
    Xara Xtreme 5
    Xara3D6
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Messenger
    Zoo Tycoon 2 - Ultimate Collection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/14/2013 7:36:37 PM, error: System Error [1003] - Error code 00000050, parameter1 e17a901c, parameter2 00000000, parameter3 bf82ebc1, parameter4 00000001.
    1/12/2013 6:23:32 PM, error: DM9102 [5002] - \DEVICE\{5CEBA84A-7B8C-48E9-B923-387B1EFACEC8} : Has determined that the adapter is not functioning properly.
    1/12/2013 6:21:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    1/12/2013 6:20:45 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/12/2013 6:20:45 PM, error: Service Control Manager [7000] - The WebCamDV DV to Webcam Converter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/12/2013 6:20:45 PM, error: Service Control Manager [7000] - The TrackerCam Video Capture Driver 4.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/12/2013 4:52:12 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================

    GMER LOG

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-18 22:33:17
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 rev. 298.09GB
    Running: bezndinu.exe; Driver: C:\DOCUME~1\Donnie\LOCALS~1\Temp\uwtdipow.sys


    ---- System - GMER 2.0 ----

    SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwClose [0xF7440EC0]
    SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwFsControlFile [0xF7440F50]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xBA6DD14A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xBA6DD21A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA6DCD7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xBA6DCF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xBA6DD000]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA6DCE32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA6DCECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA6DD09C]

    ---- Kernel code sections - GMER 2.0 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92D6340, 0x121A5F, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
    ? C:\DOCUME~1\Donnie\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----


    ---- Registry - GMER 2.0 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -2110066406
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30275035
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -2109910156
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30275035
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-1965331169-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 553879818
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-1965331169-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30275042
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-1965331169-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 554036068
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-73586283-1965331169-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30275042
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\[email protected] 1110509976
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\[email protected] 1110515378
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109AB0090400000000000F01FEC\[email protected]_1033 1110509975
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA330100007706000000000030\[email protected] 1110515295
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040711900063D11C8EF10054038389C\[email protected] 1110512812
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040711900063D11C8EF10054038389C\[email protected] 1110517492
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AFCA67F1EF226F94CB504FCE38F584CC\[email protected] 1110513114
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EE109868708798F41A43C707D5439FF1\[email protected] 1110513502
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.DisabledFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.SBEFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.SBIFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.SBSFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.TInfoFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.UTIFile
    Reg HKLM\SOFTWARE\Classes\[email protected] SpybotSD.UTSFile
    Reg HKLM\SOFTWARE\Classes\[email protected] MBAMShlExt Class
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt\CLSID
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt\[email protected] {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt\CurVer
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt\[email protected] MBAMExt.MBAMShlExt.1
    Reg HKLM\SOFTWARE\Classes\[email protected] MBAMShlExt Class
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt.1\CLSID
    Reg HKLM\SOFTWARE\Classes\MBAMExt.MBAMShlExt.1\[email protected] {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    Reg HKLM\SOFTWARE\Classes\[email protected] Disabled startup file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\blindman.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Spyware exclude file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\De[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Spyware include file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Spyware supplemental file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Internal informations
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Usage tracks include file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] Usage tracks supplemental file
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\[email protected] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
    Reg HKLM\SOFTWARE\Classes\[email protected] SSubTimer6.CTimer
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.CTimer\Clsid
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.CTimer\[email protected] {71A27034-C7D8-11D2-BEF8-525400DFB47A}
    Reg HKLM\SOFTWARE\Classes\[email protected] SSubTimer6.GSubclass
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.GSubclass\Clsid
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.GSubclass\[email protected] {71A27032-C7D8-11D2-BEF8-525400DFB47A}
    Reg HKLM\SOFTWARE\Classes\[email protected] SSubTimer6.ISubclass
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.ISubclass\Clsid
    Reg HKLM\SOFTWARE\Classes\SSubTimer6.ISubclass\[email protected] {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
    Reg HKLM\SOFTWARE\Classes\[email protected] vbAcceleratorSGrid6.cGridCell
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridCell\Clsid
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridCell\[email protected] {9BD3A001-42A2-491E-AACA-9512F6CF4CDB}
    Reg HKLM\SOFTWARE\Classes\[email protected] vbAcceleratorSGrid6.cGridSortObject
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridSortObject\Clsid
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridSortObject\[email protected] {D2129738-6A78-4BCB-915A-412982CAA23D}
    Reg HKLM\SOFTWARE\Classes\[email protected] vbAcceleratorSGrid6.IGridCellOwnerDraw
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.IGridCellOwnerDraw\Clsid
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.IGridCellOwnerDraw\[email protected] {DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}
    Reg HKLM\SOFTWARE\Classes\[email protected] vbAccelerator Grid Control
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.vbalGrid\Clsid
    Reg HKLM\SOFTWARE\Classes\vbAcceleratorSGrid6.vbalGrid\[email protected] {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 2.0 ----
     
  2. DonnieR

    DonnieR Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    5
    Bump to Top
     

Short URL to this thread: https://techguy.org/1085896
