  1. #1

    Annoying popups and slowness.

    Hi guys,

    Thanks for your willingness to help with all of this.
    I have a work computer that has been randomly opening pages and running slowly at times.
    I've run the required spyware/malware programs and deleted everything that came up.
    I'm hoping someone is able to look at the logs and let me know if there is anything else there that I need to remove.

    Cheers


    Super antispyware log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/09/2013 at 03:09 PM

    Application Version : 5.6.1018

    Core Rules Database Version : 10373
    Trace Rules Database Version: 8185

    Scan type : Complete Scan
    Total Scan Time : 00:28:09

    Operating System Information
    Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 737
    Memory threats detected : 0
    Registry items scanned : 74208
    Registry threats detected : 0
    File items scanned : 82260
    File threats detected : 356

    Trojan.Agent/Gen-Kazy
    C:\$RECYCLE.BIN\S-1-5-21-4013523473-2947983006-3160469227-1003\$R0Z83XD.EXE
    C:\SCRIPTS\PRINTER_INSTALL.EXE
    C:\SCRIPTS\LOGIN.EXE
    C:\SCRIPTS\LOGIN TO NETWORK.LNK
    C:\SCRIPTS\PRINTER_INSTALL64.EXE
    C:\SCRIPTS\WILTJA\LOGIN.EXE

    Adware.Tracking Cookie
    .doubleclick.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.adserverplus.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    core.saymedia.com [ C:\USERS\STAFF\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GDLEK9MZ ]
    ia.media-imdb.com [ C:\USERS\STAFF\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GDLEK9MZ ]

    Trojan.Agent/Gen-Bifrose
    C:\USERS\STAFF\DESKTOP\LOGIN TO NETWORK.EXE
    C:\USERS\STAFF\DOWNLOADS\LOGIN.EXE
    C:\SCRIPTS\WILTJA LOGIN 32.EXE



    Malwarebytes log:

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.04.04.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike Hayes :: TH00DBDF0BDDF9 [administrator]

    10/05/2013 9:19:37 AM
    MBAM-log-2013-05-10 (12-05-34).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 517330
    Time elapsed: 37 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCR\CLSID\{5D37E21A-3857-9A6A-0FFD-2D06DF8AACD3} (Adware.MultiPlug) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D37E21A-3857-9A6A-0FFD-2D06DF8AACD3} (Adware.MultiPlug) -> No action taken.
    HKCR\CLSID\{B271A67E-7C65-95A9-5EEE-ACA3BC0E459E} (Adware.MultiPlug) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B271A67E-7C65-95A9-5EEE-ACA3BC0E459E} (Adware.MultiPlug) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\ProgramData\BBrowsye2savve\516f751acefb7.dll (Adware.MultiPlug) -> No action taken.
    C:\ProgramData\EbooekBrowse\516f752ff4054.dll (Adware.MultiPlug) -> No action taken.
    C:\Users\Staff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\773Y5ULU\516f751ae6912[1].exe (Adware.MultiPlug) -> No action taken.
    C:\Users\Staff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHWPK0D\516f753018736[1].exe (Adware.MultiPlug) -> No action taken.
    C:\Users\Staff\AppData\Local\Temp\{E71585F4-A7A3-4187-A36C-EF813CF6A702}\Addons\ebook_extension_setup.exe (Adware.MultiPlug) -> No action taken.
    C:\Users\Staff\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> No action taken.
    C:\Users\Staff\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.

    (end)


    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:44:04 PM, on 10/05/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)


    Boot mode: Normal

    Running processes:
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Staff\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.136.176.52:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.27.143.10;172.27.143.11
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B920105-4E06-408F-A124-071952E54DCD}: NameServer = 198.142.0.51 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F260AF-7E3F-471C-A1B7-ADAFEEF995BC}: NameServer = 198.142.0.51 61.88.88.88
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Optus Mobile Broadband. OUC (Optus Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 14712 bytes

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.



    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:




    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Hi Fireman4it,

    No problem with the delay, I understand that you guys are busy. I really appreciate your help.
    I've tried to download the above tools you requested but as this is a work laptop with some restrictions in place I've been blocked. I will try to do it when I'm at home and not using my work network.
    The problem seems to have resolved itself as far as the popups are concerned but I did another spyware and Malware scan and it's still finding piles of infections.

    Cheers

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Please run the programs I posted above if you still want help with this issue. If you don't want any further help please let me know so we can close this topic.




  5. #5
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Hi Fireman,

    Below are the requested logs. I think they're all there.

    Cheers
    Haynzy

    DDS log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/07/2012 12:37:36 PM
    System Uptime: 15/05/2013 3:00:19 PM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 085X6F
    Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz | CPU | 1601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 18.466 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Service:
    .
    Class GUID:
    Description:
    Device ID: ACPI\INT33A0\0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\INT33A0\0
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&12A8\8&39D47E63&0&0088658593C0_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Creative Suite 5.5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 11.6
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.14 (Unicode)
    AuSIL Yolngu
    BBrowsye2savve
    Bonjour
    BrowseToSave 1.74
    ChordPulse
    ClickView Player
    cs5
    Cypress TrackPad
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dropbox
    e-tax 2012
    EasyGPS 4.58
    EbooekBrowse
    eMusic Download Manager
    eMusic Download Manager 6
    EPSON Scan
    EPSON WorkForce 435 Series Printer Uninstall
    ETDWare PS/2-X64 8.0.6.0_WHQL
    Evernote v. 4.6.3
    FormatFactory 2.80
    Fresco Logic USB3.0 Host Controller
    FX MathPack
    Garmin Communicator Plugin
    Garmin Communicator Plugin x64
    Google Chrome
    Google Drive
    Google Earth
    Google SketchUp 8
    Google Update Helper
    GSAK 8.2.0.11
    iCloud
    ImgBurn
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) Rapid Storage Technology
    Intel® PROSet/Wireless WiFi Software
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 29 (64-bit)
    JavaFX 2.1.1
    K-Lite Codec Pack 8.0.0 (Full)
    Logger Pro 3
    Logger Pro 3.8.3
    LSI HDA Modem
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Security Scan Plus
    MediaCoder x64 2011
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Forefront Endpoint Protection 2010
    Microsoft Forefront Endpoint Protection 2010 Server Management
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office XP Media Content
    Microsoft Security Client
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Optus Mobile Broadband
    Photo Story 3 for Windows
    Python 2.6.5
    QuickTime
    Realtek High Definition Audio Driver
    Scratch
    SecondLifeViewer (remove only)
    Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
    SMART Common Platform
    SMART Education Software 2011
    SMART English (United Kingdom) Language Pack
    SMART Notebook
    SUPERAntiSpyware
    swMSM
    Text-to-Speech
    TI Connect 1.6
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Vernier Experiments
    Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    X-Sheet Invoicing
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/05/2013 10:02:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1346.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80072ee2 Error description: The operation timed out
    15/05/2013 9:43:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1871.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    14/05/2013 11:14:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1805.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80072ee2 Error description: The operation timed out
    13/05/2013 10:11:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1754.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/05/2013 12:01:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/05/2013 12:01:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Optus Mobile Broadband. OUC service to connect.
    12/05/2013 12:01:48 PM, Error: Service Control Manager [7000] - The Optus Mobile Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/05/2013 8:11:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1718.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/05/2013 6:28:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    11/05/2013 3:36:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1595.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    10/05/2013 8:57:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1562.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://dogmatix Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x80072ee2 Error description: The operation timed out
    10/05/2013 4:38:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================



    GMER log

    GMER 2.1.19163 - GMER - Rootkit Detector and Remover
    Rootkit scan 2013-05-15 22:02:22
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.CXM1 119.24GB
    Running: ys8irhw7.exe; Driver: C:\Users\Staff\AppData\Local\Temp\pgrcapow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe[3632] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe[3632] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4564] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4564] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [7068] entry point in ".rdata" section 0000000074df71e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x2c9e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x2c9e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x2c9da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x2c9d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x2c9f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x2c9f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x2c9ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x2c9ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x2c9c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x2c9ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x2c9c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x2c9de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x2c9d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x2c9ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x423628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x423668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x4235a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x423528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x423728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x423768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x4236e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x4236a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x423468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x4234a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x423428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x4235e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x423568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x4234e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xf4be28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xf4be68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xf4bda8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xf4bd28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xf4bf28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xf4bf68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xf4bee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xf4bea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xf4bc68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xf4bca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xf4bc28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xf4bde8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xf4bd68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xf4bce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x8be628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x8be668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x8be5a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x8be528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x8be728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x8be768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x8be6e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x8be6a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x8be468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x8be4a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x8be428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x8be5e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x8be568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x8be4e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x442228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x442268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x4421a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x442128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x442328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x442368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x4422e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x4422a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x442068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x4420a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x442028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x4421e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x442168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x4420e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xc6f228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xc6f268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xc6f1a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xc6f128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xc6f328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xc6f368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xc6f2e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xc6f2a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xc6f068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xc6f0a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xc6f028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xc6f1e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xc6f168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xc6f0e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x516a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x516a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x5169a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x516928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x516b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x516b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x516ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x516aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x516868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x5168a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x516828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x5169e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x516968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x5168e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x2c3a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x2c3a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x2c39a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x2c3928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x2c3b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x2c3b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x2c3ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x2c3aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x2c3868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x2c38a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x2c3828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x2c39e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x2c3968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x2c38e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x163e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x163e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x163da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x163d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x163f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x163f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x163ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x163ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x163c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x163ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x163c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x163de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x163d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x163ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x2ae628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x2ae668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x2ae5a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x2ae528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x2ae728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x2ae768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x2ae6e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x2ae6a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x2ae468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x2ae4a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x2ae428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x2ae5e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x2ae568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x2ae4e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xb7228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xb7268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xb71a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xb7128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xb7328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xb7368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xb72e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xb72a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xb7068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xb70a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xb7028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xb71e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xb7168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xb70e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x8bde28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x8bde68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x8bdda8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x8bdd28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x8bdf28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x8bdf68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x8bdee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x8bdea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x8bdc68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x8bdca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x8bdc28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x8bdde8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x8bdd68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x8bdce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xed7228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xed7268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xed71a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xed7128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xed7328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xed7368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xed72e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xed72a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xed7068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xed70a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xed7028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xed71e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xed7168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xed70e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xceaa28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xceaa68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xcea9a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xcea928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xceab28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xceab68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xceaae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xceaaa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xcea868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xcea8a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xcea828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xcea9e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xcea968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xcea8e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x712628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x712668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x7125a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x712528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x712728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x712768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x7126e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x7126a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x712468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x7124a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x712428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x7125e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x712568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x7124e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0x9c8228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0x9c8268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0x9c81a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0x9c8128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0x9c8328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0x9c8368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0x9c82e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0x9c82a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0x9c8068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0x9c80a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0x9c8028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0x9c81e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0x9c8168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0x9c80e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a8f991 7 bytes {MOV EDX, 0xe65a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a8fbd5 7 bytes {MOV EDX, 0xe65a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a8fc05 7 bytes {MOV EDX, 0xe659a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a8fc1d 7 bytes {MOV EDX, 0xe65928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a8fc35 7 bytes {MOV EDX, 0xe65b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a8fc65 7 bytes {MOV EDX, 0xe65b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a8fce5 7 bytes {MOV EDX, 0xe65ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a8fcfd 7 bytes {MOV EDX, 0xe65aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a8fd49 7 bytes {MOV EDX, 0xe65868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a8fe41 7 bytes {MOV EDX, 0xe658a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a90099 7 bytes {MOV EDX, 0xe65828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a910a5 7 bytes {MOV EDX, 0xe659e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a9111d 7 bytes {MOV EDX, 0xe65968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a91321 7 bytes {MOV EDX, 0xe658e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077181465 2 bytes [18, 77]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771814bb 2 bytes [18, 77]
    .text ... * 2
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 0000000077479b81 11 bytes {MOV EAX, 0xffffffffebd56980; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff4675f0 5 bytes JMP 000007ffff3000d8
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff701180 5 bytes JMP 000007ffff3001b8
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff701320 7 bytes JMP 000007ffff300148
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff704450 6 bytes JMP 000007ffff300110
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[5956] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff706720 10 bytes JMP 000007ffff300180

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00dbdf0bddfc
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00dbdf0bddfc@0088658593c0 0xB1 0xB8 0xD9 0xB7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00dbdf0c46f2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3958140a8
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 8742
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2662
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00dbdf0bddfc (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00dbdf0bddfc@0088658593c0 0xB1 0xB8 0xD9 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00dbdf0c46f2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3958140a8 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

    aswMBR log

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-15 22:05:17
    -----------------------------
    22:05:17.544 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:05:17.544 Number of processors: 4 586 0x2A07
    22:05:17.545 ComputerName: TH00DBDF0BDDF9 UserName: Mike Hayes
    22:05:17.738 Initialize success
    22:05:42.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:05:42.667 Disk 0 Vendor: SAMSUNG_ CXM1 Size: 122104MB BusType: 3
    22:05:42.727 Disk 0 MBR read successfully
    22:05:42.730 Disk 0 MBR scan
    22:05:42.732 Disk 0 Windows 7 default MBR code
    22:05:42.736 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 121793 MB offset 2048
    22:05:42.740 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 249434112
    22:05:42.812 Disk 0 scanning C:\Windows\system32\drivers
    22:05:45.595 Service scanning
    22:05:46.726 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    22:05:48.251 Modules scanning
    22:05:48.258 Disk 0 trace - called modules:
    22:05:48.264 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
    22:05:48.268 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800610d060]
    22:05:48.274 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003c49050]
    22:05:48.279 Scan finished successfully
    22:06:04.141 Disk 0 MBR has been saved successfully to "C:\Users\Staff\Desktop\MBR.dat"
    22:06:04.147 The log file has been saved successfully to "C:\Users\Staff\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-15 22:08:12
    -----------------------------
    22:08:12.835 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:08:12.836 Number of processors: 4 586 0x2A07
    22:08:12.836 ComputerName: TH00DBDF0BDDF9 UserName: Mike Hayes
    22:08:12.955 Initialize success
    22:08:18.948 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:08:18.950 Disk 0 Vendor: SAMSUNG_ CXM1 Size: 122104MB BusType: 3
    22:08:18.997 Disk 0 MBR read successfully
    22:08:19.000 Disk 0 MBR scan
    22:08:19.002 Disk 0 Windows 7 default MBR code
    22:08:19.005 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 121793 MB offset 2048
    22:08:19.008 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 249434112
    22:08:19.066 Disk 0 scanning C:\Windows\system32\drivers
    22:08:21.127 Service scanning
    22:08:22.188 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    22:08:23.752 Modules scanning
    22:08:23.759 Disk 0 trace - called modules:
    22:08:23.764 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:08:23.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800610d060]
    22:08:24.096 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003c49050]
    22:08:24.101 Scan finished successfully
    22:08:39.720 Disk 0 MBR has been saved successfully to "C:\Users\Staff\Desktop\MBR.dat"
    22:08:39.725 The log file has been saved successfully to "C:\Users\Staff\Desktop\aswMBR.txt"

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    1.
    • Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the delete button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.



    2.
    • Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Thanks,

    Here is the AdwCleaner log and the Rogue Killer log


    # AdwCleaner v2.301 - Logfile created 05/23/2013 at 21:22:08
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
    # User : Mike Hayes - TH00DBDF0BDDF9
    # Boot Mode : Normal
    # Running from : C:\Users\Staff\Desktop\Clean Up\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\Perion
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BBrowsye2savve
    Folder Deleted : C:\ProgramData\EbooekBrowse
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowsye2savve
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbooekBrowse
    Folder Deleted : C:\ProgramData\SoftSafe
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppoijdejkfkmcjfncppgmcbjahhfffe
    Folder Deleted : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdebbfefmfcdgiphkkahjlheoienjaol
    Folder Deleted : C:\Users\Staff\AppData\Local\PutLockerDownloader
    Folder Deleted : C:\Users\Staff\AppData\Local\Zoom_Downloader
    Folder Deleted : C:\Users\Staff\AppData\LocalLow\incredibar.com
    Folder Deleted : C:\Users\Staff\AppData\Roaming\Babylon

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\5cedfd0e239ed13
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\5cedfd0e239ed13
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16450

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=781900DBDF0BDDF9 --> hxxp://www.google.com

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2457] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=781900DBDF0BDDF9",
    Deleted [l.3167] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId[...]

    File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2457] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=781900DBDF0BDDF9",
    Deleted [l.3167] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId[...]

    File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2457] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=781900DBDF0BDDF9",
    Deleted [l.3167] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId[...]

    File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2457] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=781900DBDF0BDDF9",
    Deleted [l.3167] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId[...]

    *************************

    AdwCleaner[R1].txt - [8238 octets] - [23/05/2013 20:39:16]
    AdwCleaner[R2].txt - [8305 octets] - [23/05/2013 20:40:50]
    AdwCleaner[R3].txt - [8424 octets] - [23/05/2013 21:19:52]
    AdwCleaner[S1].txt - [336 octets] - [23/05/2013 20:41:06]
    AdwCleaner[S2].txt - [7994 octets] - [23/05/2013 21:22:08]

    ########## EOF - C:\AdwCleaner[S2].txt - [8054 octets] ##########


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike Hayes [Admin rights]
    Mode : Scan -- Date : 05/23/2013 21:33:58
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] ouc.exe -- C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD} : NameServer (198.142.0.51 61.88.88.88) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F0F260AF-7E3F-471C-A1B7-ADAFEEF995BC} : NameServer (198.142.0.51 61.88.88.88) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD} : NameServer (198.142.0.51 61.88.88.88) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{F0F260AF-7E3F-471C-A1B7-ADAFEEF995BC} : NameServer (198.142.0.51 61.88.88.88) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SSD PM830 mSATA +++++
    --- User ---
    [MBR] 4d7f85619f58b2fcf89620f687c8eeb6
    [BSP] c348e0e21e073355bae57f5456738469 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 121793 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 249434112 | Size: 300 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05232013_02d2133.txt >>
    RKreport[1]_S_05232013_02d2133.txt

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    1.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click DNSFIX
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    How is the machine running now?




  9. #9
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Thanks Fireman,

    The New Rogue Killer log.

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike Hayes [Admin rights]
    Mode : Remove -- Date : 05/24/2013 12:17:38
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD} : NameServer (198.142.0.51 61.88.88.88) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F0F260AF-7E3F-471C-A1B7-ADAFEEF995BC} : NameServer (198.142.0.51 61.88.88.88) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD} : NameServer (198.142.0.51 61.88.88.88) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{F0F260AF-7E3F-471C-A1B7-ADAFEEF995BC} : NameServer (198.142.0.51 61.88.88.88) -> NOT REMOVED, USE DNSFIX
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤


    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SSD PM830 mSATA +++++
    --- User ---
    [MBR] 4d7f85619f58b2fcf89620f687c8eeb6
    [BSP] c348e0e21e073355bae57f5456738469 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 121793 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 249434112 | Size: 300 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_05242013_02d1217.txt >>
    RKreport[1]_S_05232013_02d2133.txt ; RKreport[2]_S_05242013_02d1216.txt ; RKreport[3]_D_05242013_02d1217.txt



    I'm still getting 112 "threats detected" in SuperAntiSpyware.
    I haven't been to any dodgy websites, so is this something I need to do something about or is it just from harmless banner ads?

    Cheers

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click DNSFIX
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



