
PUP malware detected

Discussion in 'Virus & Other Malware Removal' started by STIG_DH, Jan 25, 2013.

Thread Status:
Not open for further replies.
  1. STIG_DH

    STIG_DH Thread Starter

    Hi
    PC performance took a real downturn recently. I undertook a Malwarebytes full scan and found PUP.Mywebsearch:


    HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully.

    I deleted it as the above indicates, then checked online about this and found that it is very difficult to remove (Malwarebytes is the only tool that detects it, but it won't remove it). It now takes forever to load browsers (Firefox won't even load unless I close down and reboot) and the PC performance is worse.

    Many thanks in advance for your help in restoring life back to my PC! :)

    HJT, dds and attach logfiles posted below.
    ark.txt to follow


    HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:05:14, on 25/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\stacsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
    C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files\Sony\VAIO Update\VUAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
    C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\David\Downloads\HijackThis.exe

    dds log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by David at 18:09:39 on 2013-01-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.595 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\stacsv.exe
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
    C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files\Sony\VAIO Update\VUAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
    C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.club-vaio.com
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Hobbyist Software On-Off Helper] "c:\program files\hobbyist software\off-helper\Off-Helper Configuration.exe" /startup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\david\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : NameServer = 192.168.2.1,89.16.173.11
    TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : NameServer = 192.168.2.1,89.16.173.11
    TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5} : DHCPNameServer = 192.168.2.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=ku&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\[email protected]\components\cooliris.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla plugins\npitunes.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2013-01-16 11:18; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
    FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-18 217032]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-2 361032]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-25 26984]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-29 272216]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-2 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-2 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-20 44808]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-8 299008]
    R2 Off-Helper;Off-Helper;c:\program files\hobbyist software\off-helper\Off-Helper Service.exe [2011-3-13 6656]
    R2 PURE Flow Server;PURE Flow Server;c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-10-4 17408]
    R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-12-18 841472]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-18 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-18 43904]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-10-29 21520]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-18 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-18 812544]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-9 12400]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-18 30192]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-16 155320]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-28 52224]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-25 15:46:40 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\offreg.dll
    2013-01-25 15:41:52 -------- d-----w- c:\users\david\appdata\local\WinZip
    2013-01-25 15:38:38 -------- d-----w- c:\users\david\appdata\local\AVG Secure Search
    2013-01-25 15:38:32 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-25 15:38:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-25 15:38:13 -------- d-----w- c:\program files\common files\AVG Secure Search
    2013-01-25 15:38:12 -------- d-----w- c:\program files\AVG Secure Search
    2013-01-25 09:23:40 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\mpengine.dll
    2013-01-24 11:09:17 -------- d-----w- c:\users\david\appdata\local\Programs
    2013-01-20 13:42:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-16 11:18:56 -------- d-----w- c:\users\david\appdata\roaming\RealNetworks
    2013-01-16 11:18:04 -------- d-----w- c:\program files\RealNetworks
    2013-01-16 11:17:59 -------- d-----w- c:\programdata\RealNetworks
    2013-01-16 11:17:48 -------- d-----w- c:\program files\common files\xing shared
    2013-01-09 12:39:41 626688 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 12:39:37 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 12:39:35 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 12:39:08 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 12:37:43 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2013-01-09 12:36:32 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 12:36:28 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-04 18:26:13 -------- d-----w- c:\users\david\appdata\local\ElevatedDiagnostics
    .
    ==================== Find3M ====================
    .
    2013-01-20 13:47:29 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-20 13:47:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-20 13:47:14 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-16 11:17:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-01-16 11:17:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-12-23 22:13:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-20 19:15:19 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-20 19:15:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-01-16 17:22:16 293736 ----a-w- c:\program files\iTunesOutlookAddIn.dll
    2012-01-16 17:22:12 421736 ----a-w- c:\program files\iTunesHelper.exe
    2012-01-16 17:22:12 403304 ----a-w- c:\program files\iTunesAdmin.dll
    2012-01-16 17:22:12 156520 ----a-w- c:\program files\iTunesHelper.dll
    2012-01-16 17:22:12 124776 ----a-w- c:\program files\iTunesMiniPlayer.dll
    2012-01-16 17:22:08 9777000 ----a-w- c:\program files\iTunes.exe
    2012-01-16 17:22:04 20868968 ----a-w- c:\program files\iTunes.dll
    2012-01-16 17:22:02 803200 ----a-w- c:\program files\gnsdk_sdkmanager.dll
    2012-01-16 17:22:02 3035520 ----a-w- c:\program files\gnsdk_dsp.dll
    2012-01-16 17:22:02 287104 ----a-w- c:\program files\gnsdk_submit.dll
    2012-01-16 17:22:02 246144 ----a-w- c:\program files\gnsdk_musicid.dll
    2012-01-16 17:22:02 2010984 ----a-w- c:\program files\iPodUpdaterExt.dll
    2011-11-14 20:16:44 112488 ----a-w- c:\program files\ITDetector.ocx
    .
    ============= FINISH: 18:11:43.86 ===============

    attach log

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/01/2012 20:54:30
    System Uptime: 25/01/2013 13:46:36 (5 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 306.685 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP152: 08/01/2013 09:15:47 - Windows Update
    RP153: 09/01/2013 22:08:07 - Windows Update
    RP154: 15/01/2013 14:45:41 - Windows Update
    RP155: 20/01/2013 13:39:27 - Installed Java 7 Update 11
    RP156: 21/01/2013 19:44:09 - Installed Media Go Video Playback Engine 1.96.112.08260
    RP157: 22/01/2013 12:35:10 - Windows Update
    RP158: 25/01/2013 15:38:55 - Installed WinZip 17.0
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    .NET Utilities
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.5
    Age of Empires III
    ALDI Print Software
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AppMon Utility
    ArcSoft Magic-i Visual Effects
    Atlantis - Sky Patrol (remove only)
    avast! Free Antivirus
    AVG Security Toolbar
    Big Fish Games Center
    Big Fish Games Sudoku (remove only)
    Bonjour
    Browser Address Error Redirector
    Browser Defender 2.0.6.15
    calibre
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Inkjet Printer Driver Add-On Module
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon My Printer
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.5
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    CD-LabelPrint
    Cisco WebEx Meetings
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Click to Disc
    Click to Disc Editor
    Corel WinDVD
    D3DX10
    Disc2Phone
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Dropbox
    DSD Direct
    DSD Direct Player
    DSD Playback Plug-in
    Evernote v. 4.5.10
    Garmin BaseCamp
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    GearDrvs
    Google Chrome
    Google Desktop
    Google Drive
    Google Earth
    Google Update Helper
    Google Updater
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HijackThis 2.0.2
    IDT Audio
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 30
    Junk Mail filter update
    Kobo
    Mahjong Towers Eternity (remove only)
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    Media Go
    Media Go Video Playback Engine 1.96.112.08260
    Mesh Runtime
    Messenger Companion
    Metalogic Finance Explorer 4.0.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Works
    Mobile Mouse Server
    Mozilla Firefox 18.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Club VAIO
    MyPoi Manager
    Mystery Case Files - Prime Suspects (remove only)
    Norton 360
    NVIDIA Drivers
    Off-Helper 3.03
    OGA Notifier 2.0.0048.0
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    OpenOffice.org 3.3
    Picasa 3
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PrimoPDF -- brought to you by Nitro PDF Software
    PS3 Media Server
    PURE Flow Server
    QuickTime
    Quo v2
    Rapport
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.92
    Roxio Activation Module
    Roxio Easy Media Creator Home
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Setting Utility Series
    Shockwave
    Sid Meier's Civilization 4 Complete
    Sierra Utilities
    Skype™ 6.0
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Ericsson Update Engine
    Sony PC Companion 2.10.115
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 8
    Symyx Draw 4.0.100
    System Requirements Lab
    Uniblue ProcessQuickLink 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO BD Menu Data
    VAIO Camera Capture Utility
    VAIO Content Folder Setting
    VAIO Content Metadata Manager Settings
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO Database Converter 1.0
    VAIO Database Converter Ver 1.0
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    Vaio Marketing Tools
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.1
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story 1.3 Upgrade
    VAIO Movie Story 1.5 Upgrade
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Settings
    VAIO Power Management
    VAIO Smart Network
    VAIO Update
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.4053
    Virtual Villagers (remove only)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VU5x86
    WD SmartWare
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinZip 17.0
    Yahoo! Detect
    .
    ==== End Of File ===========================
     
  2. STIG_DH

    and the GMER ark.txt logfile.......

    NB this was scanned with IAT/EAT unchecked


    ark.txt log file

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-25 18:28:37
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST350083 rev.3.AA 465.76GB
    Running: 3dv0l9nk.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EF264BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E9B5C22]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E8DC0DA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EF31FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EF31FF4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E8DCCA6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EF32176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EF31F16]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x89172EEE]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x891730E0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E9B5FA6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EF31F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8EF2711C]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThreadEx [0x891D56C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EF32130]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x891732E8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8EF2793E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EF26508]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E8DCEB8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E8E0714]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E8E0756]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E9B5CEA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E9B43EC]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E8E08FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EF26556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EF2B534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EF283A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EF31FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EF32016]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E8DCDCA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EF3219A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EF31F3C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8E8DC282]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EF320BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EF31F86]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E8DC482]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EF32154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E9B5E4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EF28272]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E8E085E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8EF27F86]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E8E07A8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E8E07EA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E8E0824]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EF265A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EF265F2]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E8DC068]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E8DCF6A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EF261FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EF263AA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E8E069C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EF26350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8EF27AF8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8E8DBFE6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EF2641A]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x89172B5C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8E8DBF46]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E9B441C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EF26640]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E9B5D96]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83042A49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307C4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83083500 4 Bytes [BA, 64, F2, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83083528 4 Bytes [22, 5C, 9B, 8E] {AND BL, [EBX+EBX*4-0x72]}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83083588 4 Bytes [DA, C0, 8D, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830835DC 16 Bytes [A8, 1F, F3, 8E, F4, 1F, F3, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83083604 4 Bytes [16, 1F, F3, 8E]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83211C88 5 Bytes JMP 8E9CBCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 8322A2B0 5 Bytes JMP 8E9CD828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323F3F7 4 Bytes CALL 8EF28A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325920E 4 Bytes CALL 8EF28AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91211360, 0x35B0A2, 0xE8000020]
    ? C:\Users\David\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    .text user32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes [E9, 0A, 5C, 2E, 8A] {JMP 0x8a2e5c0f}
    .text user32.dll!UnhookWinEvent 7601B750 5 Bytes [E9, A7, 4C, 2E, 8A] {JMP 0x8a2e4cac}
    .text user32.dll!SetWindowsHookExW 7601E30C 5 Bytes [E9, F3, 24, 2E, 8A] {JMP 0x8a2e24f8}
    .text user32.dll!SetWinEventHook 760224DC 5 Bytes [E9, 17, DD, 2D, 8A] {JMP 0x8a2ddd1c}
    .text user32.dll!SetWindowsHookExA 76046D0C 5 Bytes [E9, EF, 98, 2B, 8A] {JMP 0x8a2b98f4}
    .text kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text sechost.dll!SetServiceObjectSecurity 75825181 5 Bytes [E9, 8E, BE, AC, 8A] {JMP 0x8aacbe93}
    .text sechost.dll!ChangeServiceConfigA 75825254 5 Bytes [E9, AB, B5, AC, 8A] {JMP 0x8aacb5b0}
    .text sechost.dll!ChangeServiceConfigW 758253D5 5 Bytes [E9, 2E, B6, AC, 8A] {JMP 0x8aacb633}
    .text sechost.dll!ChangeServiceConfig2A 758254C2 5 Bytes [E9, 45, B7, AC, 8A] {JMP 0x8aacb74a}
    .text sechost.dll!ChangeServiceConfig2W 758255E2 5 Bytes [E9, 29, B8, AC, 8A] {JMP 0x8aacb82e}
    .text sechost.dll!CreateServiceA 7582567C 5 Bytes [E9, 77, AB, AC, 8A] {JMP 0x8aacab7c}
    .text sechost.dll!CreateServiceW 7582589F 5 Bytes [E9, 58, AB, AC, 8A] {JMP 0x8aacab5d}
    .text sechost.dll!DeleteService 75825A22 5 Bytes [E9, D9, AB, AC, 8A] {JMP 0x8aacabde}
     
  3. STIG_DH

    ....hopefully


    ---- User code sections - GMER 2.0 ----

    .text C:\Windows\system32\svchost.exe[420] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Sony\Network Utility\NSUService.exe[444] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[552] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text ...
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000803FC
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00150A08
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001503FC
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00150804
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001501F8
    .text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] ntdll.dll!KiUserApcDispatcher 77176F38 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!gethostbyname 77297673 5 Bytes JMP 71AE0022
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[956] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
    .text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
    .text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
  4. STIG_DH

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00E103FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00E101F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00E20A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00E203FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00E20804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00E201F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00E20600
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000D03FC
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000D01F8
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000E0A08
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000E03FC
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000E0804
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000E01F8
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000E0600
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
    .text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600
    .text C:\Windows\system32\svchost.exe[3400] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3472] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\System32\rundll32.exe[3480] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC
    .text C:\Windows\System32\rundll32.exe[3480] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
    .text C:\Windows\System32\rundll32.exe[3480] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\System32\rundll32.exe[3480] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
    .text C:\Windows\System32\rundll32.exe[3480] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
    .text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
    .text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
    .text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
    .text C:\Windows\System32\WUDFHost.exe[3484] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000F0A08
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000F03FC
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000F0804
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000F01F8
    .text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000F0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00300A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 003003FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00300804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 003001F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00300600
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001801F8
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600
    .text C:\Windows\system32\NOTEPAD.EXE[3996] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Windows\system32\NOTEPAD.EXE[3996] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Windows\system32\NOTEPAD.EXE[3996] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
    .text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
    .text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
    .text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
    .text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00A703FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00A701F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00AA0A08
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00AA03FC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00AA0804
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00AA01F8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00AA0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, AC, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, AF, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, AC, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, AD, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, AE, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, AD, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, AE, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, AC, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, AD, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, AE, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, AF, 64, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 008103FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 008101F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00830A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 008303FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00830804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 008301F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00830600
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001801F8
    .text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600
    .text C:\Windows\System32\svchost.exe[4668] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001203FC
    .text C:\Windows\System32\svchost.exe[4668] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001201F8
    .text C:\Windows\System32\svchost.exe[4668] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[4668] user32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00140A08
    .text C:\Windows\System32\svchost.exe[4668] user32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001403FC
    .text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00140804
    .text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001401F8
    .text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00140600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, B4, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, B7, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, B4, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, B5, B2, 00] {TEST AL, 0xb5; MOV DL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76181058 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, B6, B2, 00] {TEST AL, 0xb6; MOV DL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, B5, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, B6, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761810E9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, B4, B2, 00] {TEST AL, 0xb4; MOV DL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761812A7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, B5, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, B6, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, B7, B2, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00CF03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00CF01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00D50A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00D503FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00D50804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00D501F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00D50600
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 04, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 07, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 04, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 05, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 761800A8 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 06, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 05, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 06, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76180139 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 04, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761802F7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 05, A3, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
  5. STIG_DH

    STIG_DH Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    58
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 98, A7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 7618078B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 99, A7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 9A, A7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 9B, A7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00AD03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00AD01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00AF0A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00AF03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00AF0804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00AF01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7440] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00AF0600
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001F03FC
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001F01F8
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
    .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[7544] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!NtMapViewOfSection 77175C28 5 Bytes JMP 719F0022
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!KiUserApcDispatcher + E 77176F46 5 Bytes JMP 0121E740 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateProcessW 75BE204D 6 Bytes PUSH 71470022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateNamedPipeW 75C12D97 6 Bytes PUSH 71530022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!GetQueuedCompletionStatus 75C14E90 6 Bytes PUSH 71630022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CreateIoCompletionPort 75C18ED1 6 Bytes PUSH 714F0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!ReadFile 75C29BAE 6 Bytes PUSH 714B0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CloseHandle 75C2E868 6 Bytes PUSH 715F0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 6 Bytes PUSH 71A30022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!WriteFile 75C353EE 6 Bytes PUSH 71570022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!CancelIo 75C412BE 6 Bytes PUSH 715B0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 716B0022
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] GDI32.dll!BitBlt 75E272C0 6 Bytes PUSH 71890022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] GDI32.dll!StretchDIBits 75E2A53E 6 Bytes PUSH 71850022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetParent 76018314 6 Bytes PUSH 717B0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00110A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001103FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!CreateWindowExA 7601BF40 6 Bytes JMP 7192000A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00110804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!CreateWindowExW 7601EC7C 6 Bytes JMP 7196000A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!RegisterClassW 7601ED4A 6 Bytes PUSH 71A60022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!ShowWindow 7601F2A9 6 Bytes PUSH 71730022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!RegisterClassExW 76020162 6 Bytes PUSH 71AE0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001101F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowLongW 76024449 6 Bytes PUSH 71770022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!PeekMessageW 7602634A 6 Bytes PUSH 719B0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!TranslateMessage 760264C7 6 Bytes PUSH 716F0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetClipboardData 76032BA7 6 Bytes PUSH 71810022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00110600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] CRYPT32.dll!CertVerifyCertificateChainPolicy 7543A74E 6 Bytes PUSH 718D0022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ADVAPI32.dll!CreateProcessAsUserW 772CC592 6 Bytes PUSH 71430022; RET
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 5C, E4, 00] {SUB [ESP+0x0], BL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 5F, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 5C, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 5D, E4, 00] {TEST AL, 0x5d; IN AL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184200 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 5E, E4, 00] {TEST AL, 0x5e; IN AL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 5D, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 5E, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76184291 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 5C, E4, 00] {TEST AL, 0x5c; IN AL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 7618444F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 5D, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 5E, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 5F, E4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00EA03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EA01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00EC0A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00EC03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00EC0804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00EC01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00EC0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8
    .text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600

    ---- EOF - GMER 2.0 ----

    (maybe I should have used an attachment after all......)
     
  6. STIG_DH

    Not sure if computer performance is related to PUP:mywebsearch or other issues, but ability to use browsers has become more frustrating even since first post.

    Thanks for any help or advice you can provide
     
  7. STIG_DH

    Hi
    I've not had a response yet - and it may be because of the manner in which I have presented my problem (i.e. posting all necessary log files across 4 posts)

    If my (assumed) problem isn't relevant for this forum, please let me know

    Thanks in advance
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  9. STIG_DH

    Kevin

    I can only provide a partial response for now.
    Bleeping computer have suffered from an infected ComboFix (Sality virus) and have pulled the application from their site today.

    They also advise users on steps to take if they have used a recent ComboFix (which is likely to be infected):
    http://www.bleepingcomputer.com/forums/topic483431.html

    Hope this is helpful - I guess you guys will experience some outcomes from this.

    Here is my first log

    David


    # AdwCleaner v2.109 - Logfile created 01/29/2013 at 16:58:19
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : David - DAVID-PC
    # Boot Mode : Normal
    # Running from : C:\Users\David\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\mywebsearch.xml
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\David\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\David\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\David\AppData\LocalLow\MyWebSearch

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\prefs.js

    C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\user.js ... Deleted !

    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.userId", "{9c4ce659-37b7-47a0-8efc-2153ff9218e9}");
    Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.bbc.co.uk/\",\"title\":\"BBC - Homepa[...]
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.defaultthis.engineName", "Free Radio TV Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&Sea[...]
    Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE1[...]
    Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
    Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg[...]
    Deleted : user_pref("[email protected]", true);
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&m[...]

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [7240 octets] - [29/01/2013 16:58:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [7300 octets] ##########
     
  10. kevinf80

    Yep Combofix is on hold until the Developer gives us the all clear. For now run the following and post its log...

    Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

    • Quit all running programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • The following EULA will appear, please select accept

    • Ensure MBR scan, Check faked and AntiRootkit are checked
    • Select Scan

    • When the scan completes select Report, copy and paste that to your reply.

    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

    Kevin
     
  11. STIG_DH

    Hmmm,
    I got as far as running the scan following your instruction precisely.
    Then got an error message saying windows stopped running RogueKiller.

    Thought I would ask you first before I tried again.....?
    D
     
  12. kevinf80

    Run ESET online AV scan, see what that log turns up...

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    If no threats were found

    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

    Kevin...
     
  13. STIG_DH

    STIG_DH Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    58
    Kevin

    2 threats found. I think I know the source of both of them.
    I used HFS for a while to wirelessly convey pictures from PC to TV (by way of PS3).
    I just downloaded a trial version of WinZip a couple of days ago (but since the PC slow-down).

    I am happy to remove either/both


    ESET SCAN

    C:\Users\David\Downloads\hfs.exe a variant of Win32/Server-Web.HFS.A application
    C:\Users\David\Downloads\WinZip170.exe a variant of Win32/OpenInstall application

    David
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

    Code:
    @echo off
    del /f /s /q "C:\Users\David\Downloads\hfs.exe"
    del /f /s /q "C:\Users\David\Downloads\WinZip170.exe"
    del %0
    
    Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [image] <-- XP, [image] <-- Vista or Windows 7
    Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
    The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Let me see those logs please, also give an update on current issues or concerns..

    Kevin
     
  15. STIG_DH

    STIG_DH Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    58
    Kevin

    As requested in your last post this morning. I will try to send in 2 successive files as I continue to experience a problem in previewing or sending this post - it seems to take too long to submit / accept and then I get timed out. (A symptom of my general problems - if not imposed by a text file limit on your forum.)

    I will send on the Extras log file, then reboot the PC and report more fully what I see wrt performance etc. in ca. 30 mins.
    Thanks

    David



    OTL.txt log file

    OTL logfile created on: 30/01/2013 08:30:07 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.64% Memory free
    4.00 Gb Paging File | 1.79 Gb Available in Paging File | 44.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.80 Gb Total Space | 304.50 Gb Free Space | 66.95% Space Free | Partition Type: NTFS

    Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
    PRC - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2013/01/18 08:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/01/16 11:17:16 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2013/01/10 15:58:22 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2013/01/10 15:48:32 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
    PRC - [2013/01/10 15:48:30 | 011,771,744 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\Evernote.exe
    PRC - [2013/01/04 22:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
    PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/26 18:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
    PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
    PRC - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    PRC - [2012/06/26 20:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\ipoint.exe
    PRC - [2012/06/26 20:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\itype.exe
    PRC - [2011/08/08 11:12:42 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
    PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
    PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
    PRC - [2009/10/29 10:11:14 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
    PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
    PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2008/11/05 07:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/29 17:04:49 | 000,086,016 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_elementtree.pyd
    MOD - [2013/01/29 17:04:49 | 000,040,448 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_socket.pyd
    MOD - [2013/01/29 17:04:48 | 001,024,616 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\windows._cacheinvalidation.pyd
    MOD - [2013/01/29 17:04:48 | 000,792,576 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
    MOD - [2013/01/29 17:04:48 | 000,571,392 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
    MOD - [2013/01/29 17:04:48 | 000,263,168 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
    MOD - [2013/01/29 17:04:48 | 000,153,088 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pyexpat.pyd
    MOD - [2013/01/29 17:04:48 | 000,096,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32api.pyd
    MOD - [2013/01/29 17:04:48 | 000,070,656 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._html2.pyd
    MOD - [2013/01/29 17:04:48 | 000,023,040 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32ts.pyd
    MOD - [2013/01/29 17:04:48 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32profile.pyd
    MOD - [2013/01/29 17:04:48 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32crypt.pyd
    MOD - [2013/01/29 17:04:47 | 000,731,136 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
    MOD - [2013/01/29 17:04:47 | 000,354,304 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pythoncom26.dll
    MOD - [2013/01/29 17:04:47 | 000,073,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ctypes.pyd
    MOD - [2013/01/29 17:04:46 | 001,169,408 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._core_.pyd
    MOD - [2013/01/29 17:04:46 | 000,807,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
    MOD - [2013/01/29 17:04:46 | 000,645,120 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ssl.pyd
    MOD - [2013/01/29 17:04:46 | 000,311,808 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_hashlib.pyd
    MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32security.pyd
    MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\PyWinTypes26.dll
    MOD - [2013/01/29 17:04:46 | 000,036,352 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32process.pyd
    MOD - [2013/01/29 17:04:46 | 000,022,528 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32pdh.pyd
    MOD - [2013/01/29 17:04:45 | 000,121,856 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
    MOD - [2013/01/29 17:04:45 | 000,111,104 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32file.pyd
    MOD - [2013/01/29 17:04:45 | 000,039,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32inet.pyd
    MOD - [2013/01/29 17:04:44 | 001,056,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
    MOD - [2013/01/29 17:04:44 | 000,585,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\unicodedata.pyd
    MOD - [2013/01/29 17:04:44 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32event.pyd
    MOD - [2013/01/29 17:04:44 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\select.pyd
    MOD - [2013/01/18 08:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/18 08:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/18 08:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    MOD - [2013/01/18 08:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
    MOD - [2013/01/18 08:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
    MOD - [2013/01/18 08:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
    MOD - [2013/01/11 10:28:47 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
    MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
    MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
    MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
    MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
    MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/10/29 11:50:00 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
    MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
    MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
    MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-51.dll
    MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-54.dll
    MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-54.dll
    MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/08/27 22:17:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/06/14 13:19:56 | 000,025,600 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/26 18:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
    SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
    SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
    SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
    SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
    SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
    SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
    SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
    SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV - [2013/01/29 19:48:54 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
    DRV - [2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
    DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
    DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
    DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
    DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
    DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
    DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://club.vaio.sony.co.uk/clubva [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
    FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

    [2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
    [2013/01/14 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
    [2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
    [2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
    [2012/11/26 08:18:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
    [2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    [2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
    [2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
    [2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
    [2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    [2012/12/05 18:48:18 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/10/15 09:10:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/12/05 18:48:18 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/12/05 18:48:18 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/10/15 09:10:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/12/05 18:48:18 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.bbc.co.uk/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.bbc.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
    CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
    CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
    CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk = C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe (PacketVideo)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe
    O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun
    O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
    O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
    O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
    O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/29 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2013/01/29 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
    [2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
    [2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
    [2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
    [2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2013/01/25 15:38:20 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/01/25 15:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
    [2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
    [2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
    [2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
    [2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
    [2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
    [2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    [2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
    [2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
    [2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
    [2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
    [2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
    [2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
    [2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
    [2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
    [2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
    [2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
    [2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
    [2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
    [2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
    [2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
    [2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
    [2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
    [2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    [2013/01/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
    [2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
    [2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
    [2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
    [2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
    [2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
    [2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
    [2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
    [2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
    [2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
    [2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
    [2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
    [2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
    [2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/30 08:20:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/30 08:20:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/30 08:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/30 08:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/01/29 19:48:54 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
    [2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/29 17:04:31 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
    [2013/01/29 17:03:24 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/01/29 15:36:26 | 000,086,586 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
    [2013/01/29 14:45:56 | 000,063,511 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX TB.png
    [2013/01/29 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/01/28 18:18:30 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/01/25 09:10:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (weekly scan).job
    [2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
    [2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
    [2013/01/20 13:27:36 | 000,007,605 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
    [2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
    [2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
    [2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
    [2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/01/11 10:12:15 | 000,001,049 | ---- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
    [2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/29 22:19:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/01/29 19:48:53 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
    [2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/01/29 14:51:52 | 000,086,586 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
    [2013/01/29 14:44:12 | 000,063,511 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX TB.png
    [2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
    [2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/20 13:27:36 | 000,007,605 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
    [2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/01/11 10:12:15 | 000,001,049 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/02 09:14:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
    [2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
    [2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
    [2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
    [2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
    [2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
    [2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
    [2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
    [2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
    [2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
    [2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
    [2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
    [2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
    [2013/01/29 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
    [2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
    [2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
    [2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
    [2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
    [2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
    [2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
    [2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
    [2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
    [2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
    [2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
    [2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
    [2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
    [2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
    [2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
    [2013/01/29 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
    [2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
    [2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

    ========== Purity Check ==========



    < End of report >
     

Short URL to this thread: https://techguy.org/1086807