
Babylon search in Chrome


  • This topic is locked
11 replies to this topic

#1 Carl P

Carl P

  • Members
  • 8 posts

Posted 14 August 2012 - 01:51 PM

I accidentally allowed Babylon search to install. I uninstalled the software, deleted the folders I could find, and cleaned out any reference in my registry with regedit.exe and it still appears as a tab when I open a new session of Chrome. I uninstalled and reinstalled Chrome and it is still there. It was also in my Internet Explorer. To make matters worse, I think it affected another computer of mine, possibly through Google.com.

I have a PC running Windows XP Pro.

Edited by Carl P, 14 August 2012 - 01:53 PM.




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 August 2012 - 02:25 PM

Good evening. :)

Please go here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 Carl P

Carl P
  • Topic Starter

  • Members
  • 8 posts

Posted 14 August 2012 - 06:57 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Carl at 18:51:30 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3575.2778 [GMT -5:00]
.
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Polar\Daemon\polard.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\Logitech\G35\G35.exe
C:\Program Files\Humana\GearSync\Humana_GearSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Polar\WebSync\WebSync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Privacy Safeguard BHO: {a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe} - c:\program files\privacysafeguard\PrivacySafeGuard.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\carl\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GearSyncAutoStart] "c:\program files\humana\gearsync\Humana_GearSync.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\polarw~1.lnk - c:\program files\polar\websync\WebSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
TCP: DhcpNameServer = 24.196.64.53 68.115.71.53
TCP: Interfaces\{7A373A8E-8284-494F-B3BD-1B3EAFDCCB7E} : DhcpNameServer = 24.196.64.53 68.115.71.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-10-28 44184]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-10-28 82120]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-10-14 19496]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2010-10-28 68064]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2010-10-14 68136]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2010-10-28 215648]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-8-2 476016]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-8-2 387440]
R2 Polar Daemon;Polar Daemon;c:\program files\polar\daemon\polard.exe [2012-4-2 411648]
R2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-10-14 114688]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-5-18 99856]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2010-10-28 149672]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2010-10-28 61088]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-14 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-1-18 2430128]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-10-14 24944]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2011-9-11 53976]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2011-9-11 335064]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-14 23:44:20 17488 ----a-w- c:\windows\gdrv.sys
2012-08-04 17:04:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 17:04:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 20:11:54 39656 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 18:52:35.85 ===============


Edited by Carl P, 14 August 2012 - 06:58 PM.


#4 Carl P

Carl P
  • Topic Starter

  • Members
  • 8 posts

Posted 14 August 2012 - 11:07 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-14 23:07:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f ST3500418AS rev.CC38
Running: 9w2dw08e.exe; Driver: C:\DOCUME~1\Carl\LOCALS~1\Temp\pfldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xBA27ACD6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xBA27ACF0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xBA279E8C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xBA27A1BC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xBA279BCC]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xBA27A5EE]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xBA27B88C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xBA27A43E]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xBA279A4C]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xBA279EC0]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xBA27A042]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xBA2799A6]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xBA279B06]
SSDT \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xBA279F86]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [4C, 9A, 27, BA, C0, 9E, 27, ...]
PAGE ntkrnlpa.exe!IoCreateDevice 8057590C 3 Bytes JMP B9E2DFFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGE ntkrnlpa.exe!IoCreateDevice + 4 80575910 1 Byte [39]
PAGENPNP NDIS.SYS!NdisRegisterProtocol B9DFE17F 5 Bytes JMP B9E2DE0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter B9DFE399 5 Bytes JMP B9E2E394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter B9E08642 5 Bytes JMP B9E2DF18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E08821 5 Bytes JMP B9E2E1B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets B9E0B810 5 Bytes JMP B9E2EC0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest B9E0B97B 5 Bytes JMP B9E2E5AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend B9E0E986 5 Bytes JMP B9E2F58C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets B9E0E9A3 5 Bytes JMP B9E2F65E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData B9E0E9BE 5 Bytes JMP B9E2ED0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc B9E15186 5 Bytes JMP B9E2DE76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E16557 5 Bytes JMP B9E2DEE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets B9E16AF1 5 Bytes JMP B9E2F376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93BA000, 0x2DC7EC, 0xE8000020]
? C:\DOCUME~1\Carl\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0095000C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0095100C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0095200C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0095300C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0095400C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0095A00C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0095700C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0095500C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0095600C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0095800C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[436] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0095900C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 011B000C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 011B100C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011B200C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 011B300C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 011B400C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 011BA00C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 011B900C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 011B700C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 011B500C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 011B600C
.text C:\WINDOWS\system32\Ati2evxx.exe[604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 011B800C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 032B000C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 032B100C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 032B200C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 032B300C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 032B700C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 032B500C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 032B600C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 032B800C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 032B400C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 032BA00C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[744] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 032B900C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01E2000C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01E2100C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E2200C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 01E2300C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01E2400C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 01E2A00C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 01E2700C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 01E2500C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 01E2600C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01E2800C
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[776] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 01E2900C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0085000C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0085100C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0085200C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0085300C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0085700C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0085500C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0085600C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0085800C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0085400C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0085A00C
.text C:\Program Files\Bonjour\mDNSResponder.exe[800] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0085900C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003E000C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003E100C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E200C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003E300C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003E700C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003E500C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003E600C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E800C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E400C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003EA00C
.text C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe[828] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003E900C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CF000C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CF100C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF200C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CF300C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CF700C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CF500C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CF600C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CF800C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CF400C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CFA00C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[904] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00CF900C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 010E000C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 010E100C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010E200C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 010E300C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 010E700C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 010E500C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 010E600C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010E800C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 010E400C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 010EA00C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1016] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 010E900C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0BAF000C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0BAF100C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0BAF200C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0BAF300C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0BAF700C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0BAF500C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0BAF600C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0BAF800C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0BAF400C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0BAFA00C
.text C:\WINDOWS\system32\SearchIndexer.exe[1060] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0BAF900C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0148000C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0148100C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0148200C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0148300C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0148400C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0148A00C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0148900C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0148700C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0148500C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0148600C
.text C:\Program Files\Polar\WebSync\WebSync.exe[1228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0148800C
.text C:\WINDOWS\system32\winlogon.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 011D000C
.text C:\WINDOWS\system32\winlogon.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 011D100C
.text C:\WINDOWS\system32\winlogon.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011D200C
.text C:\WINDOWS\system32\winlogon.exe[1348] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 011D300C
.text C:\WINDOWS\system32\winlogon.exe[1348] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 011D700C
.text C:\WINDOWS\system32\winlogon.exe[1348] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 011D500C
.text C:\WINDOWS\system32\winlogon.exe[1348] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 011D600C
.text C:\WINDOWS\system32\winlogon.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 011D800C
.text C:\WINDOWS\system32\winlogon.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 011D400C
.text C:\WINDOWS\system32\winlogon.exe[1348] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 011DA00C
.text C:\WINDOWS\system32\winlogon.exe[1348] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 011D900C
.text C:\WINDOWS\system32\lsass.exe[1416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\lsass.exe[1416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B7100C
.text C:\WINDOWS\system32\lsass.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B7200C
.text C:\WINDOWS\system32\lsass.exe[1416] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B7300C
.text C:\WINDOWS\system32\lsass.exe[1416] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B7700C
.text C:\WINDOWS\system32\lsass.exe[1416] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B7500C
.text C:\WINDOWS\system32\lsass.exe[1416] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B7600C
.text C:\WINDOWS\system32\lsass.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B7800C
.text C:\WINDOWS\system32\lsass.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B7400C
.text C:\WINDOWS\system32\lsass.exe[1416] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B7A00C
.text C:\WINDOWS\system32\lsass.exe[1416] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B7900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0248000C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0248100C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0248200C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0248300C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0248400C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0248A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0248900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0248700C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0248500C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0248600C
.text C:\WINDOWS\system32\Ati2evxx.exe[1592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0248800C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0079000C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0079100C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0079200C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0079300C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0079700C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0079500C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0079600C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0079800C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0079400C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0079A00C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[1684] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0079900C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0243000C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0243100C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0243200C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0243300C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0243700C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0243500C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0243600C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0243800C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0243400C
.text C:\Program Files\Polar\Daemon\polard.exe[1960] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0243900C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A000C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A100C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A200C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003A300C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003A700C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003A500C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003A600C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A800C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A400C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2016] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003A900C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01CA000C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01CA100C
.text C:\WINDOWS\RTHDCPL.EXE[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01CA200C
.text C:\WINDOWS\RTHDCPL.EXE[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 01CA300C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 01CA700C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 01CA500C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 01CA600C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01CA800C
.text C:\WINDOWS\RTHDCPL.EXE[2396] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 01CA900C
.text C:\WINDOWS\RTHDCPL.EXE[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01CA400C
.text C:\WINDOWS\RTHDCPL.EXE[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 01CAA00C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003D000C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003D100C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D200C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003D300C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003D700C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003D500C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003D600C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D800C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D400C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003D900C
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2404] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003DA00C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A3000C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3100C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A3200C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A3300C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A3700C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A3500C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A3600C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A3800C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A3400C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A3900C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2428] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A3A00C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0087000C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0087100C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0087200C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0087300C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0087400C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0087900C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0087700C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0087500C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0087600C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0087800C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[2452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093000C
.text C:\Program Files\Charter Security Suite\Common\FSM32.EXE[2452] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093100C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C
.text C:\Program Files\Logitech\G35\G35.exe[2632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C
.text C:\Program Files\Logitech\G35\G35.exe[2632] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C
.text C:\Program Files\Logitech\G35\G35.exe[2632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C
.text C:\Program Files\Logitech\G35\G35.exe[2632] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C
.text C:\Program Files\Logitech\G35\G35.exe[2632] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B2900C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC000C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BC100C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC200C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BC300C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC400C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00BCA00C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00BC700C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00BC500C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00BC600C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BC800C
.text C:\Program Files\Humana\GearSync\Humana_GearSync.exe[2800] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00BC900C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B000C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B100C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B200C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003B300C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003B700C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003B500C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003B600C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B800C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B400C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003B900C
.text C:\Program Files\iTunes\iTunesHelper.exe[2996] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003BA00C
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B4000C
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B4100C
.text C:\WINDOWS\System32\alg.exe[3232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B4200C
.text C:\WINDOWS\System32\alg.exe[3232] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B4300C
.text C:\WINDOWS\System32\alg.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B4400C
.text C:\WINDOWS\System32\alg.exe[3232] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B4A00C
.text C:\WINDOWS\System32\alg.exe[3232] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B4700C
.text C:\WINDOWS\System32\alg.exe[3232] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B4500C
.text C:\WINDOWS\System32\alg.exe[3232] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B4600C
.text C:\WINDOWS\System32\alg.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B4800C
.text C:\WINDOWS\System32\alg.exe[3232] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B4900C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C000C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C100C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C200C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003C300C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003C700C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003C500C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003C600C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C800C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C400C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003CA00C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3432] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003C900C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B000C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B100C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B200C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003B300C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003B700C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003B500C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003B600C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B800C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B400C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003B900C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3476] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003BA00C
.text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[3536] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5100C
.text C:\WINDOWS\Explorer.EXE[3536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B5200C
.text C:\WINDOWS\Explorer.EXE[3536] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B5300C
.text C:\WINDOWS\Explorer.EXE[3536] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B5700C
.text C:\WINDOWS\Explorer.EXE[3536] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B5500C
.text C:\WINDOWS\Explorer.EXE[3536] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B5600C
.text C:\WINDOWS\Explorer.EXE[3536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B5800C
.text C:\WINDOWS\Explorer.EXE[3536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B5400C
.text C:\WINDOWS\Explorer.EXE[3536] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B5A00C
.text C:\WINDOWS\Explorer.EXE[3536] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B5900C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
.text C:\Documents and Settings\Carl\My Documents\Downloads\9w2dw08e.exe[3552] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0038A00C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AE000C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AE100C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE200C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AE300C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AE700C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AE500C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AE600C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AE800C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AE400C
.text C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3808] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AE900C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008B000C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008B100C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008B200C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008B300C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008B700C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008B500C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008B600C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008B800C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008B400C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008BA00C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[4344] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 008B900C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0090100C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090200C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0090300C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0090700C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0090500C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0090600C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0090800C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0090400C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0090A00C
.text C:\WINDOWS\system32\SearchFilterHost.exe[4748] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0090900C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C000C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C100C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C200C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003C300C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C400C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003CA00C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003C700C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003C500C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003C600C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C800C
.text C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe[5476] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003C900C

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----

#5 Noviciate

Noviciate

  • Malware Response Team

Posted 15 August 2012 - 02:32 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#6 Carl P

Carl P
  • Topic Starter

  • Members

Posted 15 August 2012 - 05:56 PM

OTL logfile created on: 8/15/2012 5:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Carl\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.91% Memory free
5.33 Gb Paging File | 4.51 Gb Available in Paging File | 84.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 338.18 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: BIGBLUE | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 17:22:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\My Documents\Downloads\OTL.scr
PRC - [2012/08/07 01:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/02 20:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/08/02 20:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/02 20:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/05/29 19:14:53 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2012/05/29 19:14:53 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2012/05/10 09:31:00 | 000,532,040 | ---- | M] (Humana Inc.) -- C:\Program Files\Humana\GearSync\Humana_GearSync.exe
PRC - [2012/04/10 19:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/04/02 10:51:02 | 006,184,448 | ---- | M] () -- C:\Program Files\Polar\WebSync\WebSync.exe
PRC - [2012/04/02 10:39:10 | 000,411,648 | ---- | M] () -- C:\Program Files\Polar\Daemon\polard.exe
PRC - [2011/11/08 03:42:08 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2011/06/05 16:18:19 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2010/10/28 20:40:09 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files\Logitech\G35\G35.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/20 23:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 10:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 10:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/01 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/07 01:43:40 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/07 01:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 01:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 01:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 01:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/08/02 20:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/08/02 20:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2012/08/02 20:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2012/08/02 20:08:20 | 000,658,800 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\af_proxy.dll
MOD - [2012/06/13 20:02:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 19:46:18 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 19:45:48 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/10 19:42:44 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 19:42:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 19:42:24 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/09 23:09:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 23:08:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 23:07:59 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/10 19:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2012/04/05 21:53:26 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/04/02 10:51:02 | 006,184,448 | ---- | M] () -- C:\Program Files\Polar\WebSync\WebSync.exe
MOD - [2012/04/02 10:39:24 | 000,104,448 | ---- | M] () -- C:\Program Files\Polar\WebSync\PTransform.dll
MOD - [2012/04/02 10:39:10 | 000,411,648 | ---- | M] () -- C:\Program Files\Polar\Daemon\polard.exe
MOD - [2012/04/02 10:38:30 | 003,457,536 | ---- | M] () -- C:\Program Files\Polar\WebSync\libpolar.dll
MOD - [2012/04/02 10:38:30 | 003,457,536 | ---- | M] () -- C:\Program Files\Polar\Daemon\libpolar.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 04:14:56 | 000,336,568 | ---- | M] () -- C:\Program Files\Charter Security Suite\Spam Control\aspam\aspam.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/24 17:16:29 | 000,030,888 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/14 17:01:02 | 002,142,720 | ---- | M] () -- C:\Program Files\Polar\WebSync\QtCore4.dll
MOD - [2010/10/28 19:54:58 | 000,768,712 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\fm4av.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010/02/10 19:45:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Polar\WebSync\imageformats\qgif4.dll
MOD - [2010/02/10 19:45:40 | 000,119,808 | ---- | M] () -- C:\Program Files\Polar\WebSync\imageformats\qjpeg4.dll
MOD - [2010/02/10 17:22:16 | 007,971,840 | ---- | M] () -- C:\Program Files\Polar\WebSync\QtGui4.dll
MOD - [2010/02/10 17:07:32 | 000,929,280 | ---- | M] () -- C:\Program Files\Polar\WebSync\QtNetwork4.dll
MOD - [2010/02/10 17:06:06 | 000,334,848 | ---- | M] () -- C:\Program Files\Polar\WebSync\QtXml4.dll
MOD - [2009/08/05 10:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\Charter Security Suite\Spam Control\fsas.dll
MOD - [2009/08/05 10:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSPC\fspcfsm.eng
MOD - [2009/08/05 10:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll
MOD - [2009/08/05 10:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fsumi.dll
MOD - [2009/08/05 10:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\strres.eng
MOD - [2009/08/05 10:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\gres.dll
MOD - [2009/08/05 10:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\flyerres.eng
MOD - [2009/08/05 10:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\fsavures.eng
MOD - [2009/08/05 10:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\about.dll
MOD - [2009/08/05 10:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\aboutres.dll
MOD - [2009/08/05 10:56:08 | 000,036,864 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\fsavhres.eng
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
MOD - [2009/05/04 17:56:08 | 000,102,400 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/14 20:04:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 20:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/02 20:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/02 20:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/02 20:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/04/02 10:39:10 | 000,411,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2011/12/06 14:54:14 | 002,430,128 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/05 16:18:19 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/10/28 20:40:09 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/15 16:35:48 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/08/15 16:27:24 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/07/24 15:11:54 | 000,039,656 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2012/05/29 19:15:08 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/04/06 00:16:18 | 007,746,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/02/23 07:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/04 18:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/12/16 18:08:59 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/10/14 23:26:29 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/09/29 11:34:50 | 000,335,064 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2010/09/29 11:34:48 | 000,053,976 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/03/26 05:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/03/08 05:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/25 18:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 10:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/10/26 10:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/08/19 07:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/08/05 10:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 3D D4 FE 00 77 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://webpages.charter.net/cfpeterson/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{34DB5BE9-C35A-4416-B6D4-3022C9A32636}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{64F46CA0-0AEE-4ea9-B694-6B59F2808010}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{7A107F94-A37F-4CA1-89E9-ED04231C2F81}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z180&form=ZGAIDF&install_date=20111012&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{97E10A1F-DD5E-4f88-B6F4-C46643991608}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2012/07/13 17:02:16 | 000,000,000 | ---D | M]

[2011/09/19 18:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2012/08/05 09:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\885j6cly.default\extensions
[2011/09/19 21:12:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\885j6cly.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/05 09:37:28 | 000,000,000 | ---D | M] ("Shopping Sidekick") -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\885j6cly.default\extensions\crossriderapp5058@crossrider.com
[2012/07/13 17:02:16 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\CHARTER SECURITY SUITE\NRS\LITMUS-FF@F-SECURE.COM
[2010/10/28 17:38:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - homepage: http://webpages.charter.net/cfpeterson/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://webpages.charter.net/cfpeterson/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [GearSyncAutoStart] C:\Program Files\Humana\GearSync\Humana_GearSync.exe (Humana Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Polar WebSync.lnk = C:\Program Files\Polar\WebSync\WebSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.115.71.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A373A8E-8284-494F-B3BD-1B3EAFDCCB7E}: DhcpNameServer = 24.196.64.53 68.115.71.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/14 22:46:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 16:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/14 18:51:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carl\Start Menu\Programs\Administrative Tools
[2012/08/10 18:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\Malwarebytes
[2012/08/10 18:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/08 17:42:39 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012/08/06 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Start Menu\Programs\Google Chrome
[2012/08/06 21:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2012/08/06 21:01:50 | 000,339,968 | ---- | C] (Canon, Inc.) -- C:\WINDOWS\System32\pscUD112.dll
[2012/08/06 21:01:49 | 000,094,208 | ---- | C] (Canon. Inc) -- C:\WINDOWS\System32\PSCLU112.dll
[2012/08/06 21:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/08/06 21:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\WINDOWS
[2012/08/05 09:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2012/08/05 09:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/08/05 09:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/05 09:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/05 09:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\PrivacySafeGuard
[2012/08/05 09:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Privacy SafeGuard
[2012/08/05 09:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/27 22:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2012/07/20 16:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/07/19 17:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/07/19 17:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/19 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/19 17:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/19 17:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 17:46:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 17:46:35 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-1003UA.job
[2012/08/15 17:46:00 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/15 17:45:59 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2012/08/15 17:33:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/08/15 17:18:18 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Microsoft Outlook 2010.lnk
[2012/08/15 17:04:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/15 16:59:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-500UA.job
[2012/08/15 16:57:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 16:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/15 16:35:48 | 000,044,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012/08/15 16:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/14 21:34:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-1003Core.job
[2012/08/14 18:42:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carl\defogger_reenable
[2012/08/11 17:59:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-500Core.job
[2012/08/07 16:46:43 | 000,091,551 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\Trek Sensor.pdf
[2012/08/05 09:37:06 | 000,000,660 | RHS- | M] () -- C:\Documents and Settings\Carl\ntuser.pol
[2012/07/24 15:11:54 | 000,039,656 | ---- | M] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\hssdrv.sys
[2012/07/19 17:42:34 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 18:42:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carl\defogger_reenable
[2012/08/07 16:46:53 | 000,091,551 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\Trek Sensor.pdf
[2012/08/06 21:25:44 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2012/08/06 21:25:44 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/06 21:24:54 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-1003UA.job
[2012/08/06 21:24:54 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-73586283-725345543-1003Core.job
[2012/08/05 09:37:55 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012/08/05 09:37:06 | 000,000,660 | RHS- | C] () -- C:\Documents and Settings\Carl\ntuser.pol
[2012/07/19 17:42:34 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/18 22:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/11/09 15:16:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\spwini.dll
[2011/10/23 13:19:32 | 000,017,680 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/10/23 13:19:31 | 006,908,648 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/10/12 19:13:09 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2011/09/22 12:08:56 | 003,902,976 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/09/21 18:51:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/19 18:31:06 | 000,057,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/11 14:33:00 | 000,075,096 | ---- | C] () -- C:\WINDOWS\System32\LADFCoinst_i386.dll
[2011/08/25 00:40:41 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\Databases.db
[2011/08/22 14:07:48 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/22 14:07:02 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/08/22 14:07:00 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/08/22 14:06:30 | 001,524,224 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/08/22 14:06:30 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/08/22 14:06:30 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/08/22 14:06:28 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/08/22 14:06:28 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/08/22 14:06:26 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/08/22 14:06:26 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/09 12:55:25 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/10/30 14:43:25 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/28 19:52:24 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/10/15 06:37:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/15 06:37:14 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 23:32:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/14 23:32:24 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/14 23:32:24 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/14 23:32:24 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/14 23:26:29 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/10/14 23:22:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\CommCmd.dll
[2010/10/14 23:21:51 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2010/10/14 23:21:51 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2010/10/14 23:21:11 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/14 23:15:14 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/10/14 23:15:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/10/14 22:47:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 22:45:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

========== LOP Check ==========

[2012/08/05 09:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/05/17 20:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2010/10/28 19:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/10/28 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2012/07/27 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2012/08/05 09:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/05 16:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/07/19 17:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/13 21:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\3Dconnexion
[2011/11/23 22:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\calibre
[2011/02/19 23:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\F-Secure
[2012/01/13 00:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\FileZilla
[2012/01/14 15:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\GPass
[2011/09/11 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Leadertech
[2011/10/12 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Nullsoft
[2012/04/23 18:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Polar WebSync
[2012/04/27 15:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Uniblue
[2010/11/29 21:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\WhiteSmokeSetup
[2010/11/29 21:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\WhiteSmokeTranslator
[2011/04/01 15:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Windows Desktop Search
[2011/09/13 21:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Windows Search
[2011/12/13 21:44:27 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\3DxSoftware Create Process (ID 36503836153096).job
[2012/08/15 17:33:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 8/15/2012 5:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Carl\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.91% Memory free
5.33 Gb Paging File | 4.51 Gb Available in Paging File | 84.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 338.18 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: BIGBLUE | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.B4EWAJSYVHFJC2HYQBH224D7QY] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B94925-4A1C-D7AC-A851-0E7A9D5ED8BE}" = CCC Help Thai
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0CA30245-F843-407F-8FA6-52880DF8E67C}" = 3Dconnexion Plug-In for NX v3.0 - v8.0
"{0D8F0DF1-B930-4943-9E71-1F0AB7C239B0}" = 3Dconnexion 3DxWare
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11EECEB2-5C76-99CD-2E39-756CBDD73499}" = CCC Help Spanish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1910EF67-D4B8-4561-9252-4F2EFF2E17AE}" = 3Dconnexion Plug-in for Acrobat 3D
"{2001197F-7545-41F7-9078-E8D23B3BBEAF}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
"{2AE31B63-387A-249C-2124-5C459B07B8E3}" = CCC Help Korean
"{2B1D90C0-F2C0-C20A-0C21-6B2DEEEB33BC}" = CCC Help Dutch
"{32714287-4234-412A-877B-D33AFABFDE2B}" = EverQuest Titanium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3781D899-BB45-44D5-ADE0-E8299CC5AAEF}" = 3Dconnexion Plug-In for 3ds Max v9 - 2012
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3B786ABD-AA64-0225-3925-8FA3F77FE53B}" = CCC Help Polish
"{3CE64BF1-5AC5-4B46-B2E7-9897923F3BBE}" = 3Dconnexion Plug-In for Maya v8.5 - 2012
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{4ADA60D4-895E-4B03-86BF-39582AD5E95C}_is1" = Humana GearSync 1.5.115
"{54D8C662-ED7A-8B98-2ADD-AE6F2F2D0299}" = CCC Help Danish
"{59279982-86E2-4C2A-8060-A3E77575CD8B}" = Logitech G35
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{6808A819-8657-8AF7-1351-9702425337E7}" = CCC Help Chinese Traditional
"{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
"{70AE4016-BCFD-9B62-5B9A-CCB831A3715B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{713E2C49-4301-7706-91BF-B3269688BE50}" = Catalyst Control Center InstallProxy
"{73F64EE9-AC9A-9585-E6DA-7547AD804820}" = CCC Help Chinese Standard
"{76312427-983B-9524-527B-3E44E4620334}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E75011-B477-842D-F291-7D0985797D56}" = CCC Help Swedish
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DB6EB2-1072-4F72-8263-5461607775C7}" = 3Dconnexion Add-On for XSI v5.0 - 2012
"{80E8203D-8550-428F-ADA5-C16A86EAD439}" = Polar Daemon
"{852252AE-F555-4BA1-B451-4E4C230D18F2}" = 3Dconnexion Extension for SketchUp
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8BA70AE2-35EE-8A73-22BD-F2DB17CDD96D}" = Catalyst Control Center InstallProxy
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96E58E89-4623-CE23-B743-0BFAA94677A6}" = CCC Help German
"{98A957AC-7BA3-82F7-A273-D8C783B23C5F}" = CCC Help French
"{98B069B8-EF38-CE76-1728-02AC63AC0438}" = Catalyst Control Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEC34BF-9682-EE9D-ACE4-6C571E24A7EE}" = CCC Help Japanese
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB165295-EA7E-6753-55A8-429C08A85690}" = CCC Help Italian
"{AB3902FC-219F-A3A0-10EC-63CFF24DF707}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B293548D-735F-1F86-1C9C-1A56B8928FEE}" = AMD Catalyst Install Manager
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B40B1EFB-BA7B-462A-EA58-0AD6A05EC931}" = CCC Help English
"{B7CD2ADE-855E-2A1C-683A-3A4C05A7CA5D}" = Catalyst Control Center Localization All
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware
"{C026CEB6-EDE7-4C02-B860-F5DEAA93A72B}" = 3Dconnexion Add-In for Inventor 11 - 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C14BEC54-8253-6AC5-D446-506281A5E4F8}" = CCC Help Russian
"{C1EC6451-68A9-7EC2-2DB4-899A09A1CA09}" = CCC Help Norwegian
"{C3FB95A9-7A13-431E-B6E5-0E1E43DB8176}" = 3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 1.0
"{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
"{C542D258-F474-6798-A018-EB480B8EDC6C}" = CCC Help Turkish
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E015C888-7269-AA4A-6040-5A2E23132898}" = ATI AVIVO Codecs
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E60588F9-9961-1136-B5A1-74D15B1C0EA1}" = CCC Help Finnish
"{E77EA99F-5EDE-4F54-8C9D-FCC57F87DAD6}" = 3Dconnexion Add-In for SolidWorks 2005 - 2012
"{E7DF9EFA-42AE-475F-2C5C-E2E9AC953AA5}" = CCC Help Hungarian
"{E8ABFD31-4D11-4054-9BD5-FF7BABE15B3B}" = Polar WebSync
"{EE49E6E2-67AE-4B7B-9804-BF099C4EDA14}" = 3Dconnexion Add-In for Solid Edge V18 - ST4
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C27587-F747-D0C8-907C-054B87A08B64}" = ccc-utility
"{F7170995-22B7-082B-63D3-776AD36AE749}" = CCC Help Portuguese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"CyberGhost VPN_is1" = CyberGhost VPN
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Diablo III" = Diablo III
"F-Secure Product 444" = Charter Security Suite
"HotspotShield" = Hotspot Shield 2.67
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.6 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2012 7:48:00 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 8/14/2012 7:48:00 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 8/14/2012 7:50:38 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 8/14/2012 7:50:38 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 8/14/2012 7:50:38 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 8/14/2012 7:50:38 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 8/15/2012 6:18:44 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 8/15/2012 6:18:44 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 8/15/2012 6:18:44 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 8/15/2012 6:18:44 PM | Computer Name = BIGBLUE | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

[ System Events ]
Error - 8/15/2012 6:13:49 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:19:00 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:21:20 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:26:30 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:31:40 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:33:33 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:38:43 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:43:54 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:45:48 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.

Error - 8/15/2012 6:50:58 PM | Computer Name = BIGBLUE | Source = NetBT | ID = 4321
Description = The name "PETERSON :1d" could not be registered on the Interface
with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did
not allow the name to be claimed by this machine.


< End of report >

#7 Noviciate

Posted 16 August 2012 - 03:30 PM

Good evening. :)

I installed Babylon myself and managed to remove it from Chrome by doing the following:

Open Chrome and click on the "Spanner" icon in the top right-hand corner and then select Settings from the menu that appears.

Under the Search heading - Set which search engine is used when searching from the omnibox, click on the down arrow and change Search the web (Babylon) to Google, or any other that you wish.

To the right of that box click the Manage search engines... button, locate the Babylon entry and click the "X" to the far right to delete it, and then click OK.

Under the On start-up section, find the Open a specific page or set of pages option and click the Set pages link. Locate the Babylon Search entry and click the "X" to the far right to delete it, and then click OK.

Let me know how you get on and also whether it is still an issue within Internet Explorer.

So long, and thanks for all the fish.
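
A way to confirm that the steps in post #7 took effect, as an added example that is not part of the original post: it walks the JSON of a Chrome profile's Preferences file and reports every string setting that still mentions Babylon. The sample data, its key names and the `.example` URLs are constructed for illustration, and the key names are assumptions that differ between Chrome versions, which is why the search does not depend on them.

```python
import json

MARKER = "babylon"  # substring to look for, matched case-insensitively

# Constructed sample resembling a Chrome "Preferences" JSON file; the key
# names and URLs are illustrative assumptions and vary between Chrome versions.
SAMPLE_PREFERENCES = """
{
  "homepage": "http://search.babylon.example/?affID=0",
  "default_search_provider": {
    "name": "Search the web (Babylon)",
    "keyword": "search.babylon.example",
    "search_url": "http://search.babylon.example/?q={searchTerms}"
  },
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://search.babylon.example/", "https://www.google.com/"]
  },
  "browser": {"show_home_button": true}
}
"""

def find_marker(node, marker=MARKER, path=""):
    """Recursively walk parsed JSON and return (path, value) for every string
    value that contains the marker, whatever key it sits under."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_marker(value, marker, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_marker(value, marker, f"{path}[{index}]")
    elif isinstance(node, str) and marker.lower() in node.lower():
        hits.append((path, node))
    return hits

def audit_preferences(text, marker=MARKER):
    """Parse Preferences text and list leftover references to the marker."""
    return find_marker(json.loads(text), marker)

if __name__ == "__main__":
    # To check a real profile, read its Preferences file into a string (with
    # Chrome closed) and pass that to audit_preferences() instead.
    for path, value in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{path}: {value}")
```

An empty result means the home page, default search provider and start-up pages stored in that file no longer reference the hijacker; additional search engines are stored elsewhere in the profile and are not covered by this check.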

 

 


#8 Carl P

Posted 19 August 2012 - 10:04 AM

Well, I just did that and Chrome isn't showing up anymore. But! My computer is now running extremely slow. Not sure what happened in the meantime. There was a Microsoft update last week too. I saw a link in here somewhere on how to fix a slow computer and I'll go through the list.

#9 Carl P

Posted 20 August 2012 - 06:19 PM

Did one of these programs do something to slow my computer? It's really slow on boot, starting programs, etc. Do I need to undo something?

#10 Noviciate

Posted 21 August 2012 - 02:20 PM

Good evening. :)

None of the programs, GMER, DDS or OTL, have made any changes to your system - all they have done is to create logs to allow me to check for various signs of malware. If you used DeFogger then that would have disabled your CD emulation software, assuming you had any installed, but running it again would allow you to undo that step.

So long, and thanks for all the fish.

 

 


#11 Carl P

Posted 21 August 2012 - 03:20 PM

I didn't think so but was curious. I suspect a Microsoft Windows update that was installed, and may have been corrupted or something.

Thanks for the response.

#12 Noviciate

Posted 28 August 2012 - 02:55 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




