Trojan horse Downloader.Generic13.ZUH


billiebum (Thread Starter; joined May 25, 2003; 19 messages)
I wasn't actually aware that my laptop had this until around 12am or so. My AVG came up with a warning saying that it had found a threat that seems to have attached itself to the .exe file of a programme I use probably twice a month or so (the programme itself is a VPN), when I download various TV shows. Because of this, I am unable to actually use the programme at the moment because of the infection.

AVG provided me with the entire path of the infected file name and followed that up with "Threat name: Trojan horse Downloader.Generic13.ZUH" and "Detected on Open" - whatever the latter means. AVG also provided me with three options - "Move to vault," "Go to file," "Ignore."

Anyway, my logs are as follows:

********

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:32 a.m., on 20/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Stephanie\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16910 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Stephanie at 18:57:26 on 2013-01-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3956.1932 [GMT 13:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\tcnz\McciTrayApp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Users\Stephanie\AppData\Local\Apps\2.0\BMARWGCO.MY8\0W0OLYY6.Q1O\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\LocationNotifications.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\14962707F62747F584F6473707F647 : DHCPNameServer = 172.16.1.1
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\25963636162747F6E602D416C6C602D4F64756C60284F4453505F445 : DHCPNameServer = 192.168.8.1 208.67.222.222
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\379746E6569716962707F62747E236F6D6 : DHCPNameServer = 218.185.65.254 61.88.88.88 61.88.88.88
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\4556C65636F6D60277962756C65637370286F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\45E4341405534453832473 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\742716E64602348616E63656C6C6F6270275962756C6563737 : DHCPNameServer = 172.17.137.254 202.37.245.20
TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\A556E62657E2E65647E2E6A702D20234F6C657D62657370234F666665656 : DHCPNameServer = 10.10.24.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [tcnz_McciTrayApp] "C:\Program Files\tcnz\McciTrayApp.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geonet.org.nz/earthquake/quakes/recent_quakes.html
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stephanie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Stephanie\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll
FF - plugin: C:\Users\Stephanie\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-25 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-25 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 676936]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-10 517632]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-25 151936]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-7 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-23 25928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-23 40448]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-1-25 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-25 35104]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\System32\drivers\sscebus.sys [2012-12-9 127488]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\System32\drivers\sscemdfl.sys [2012-12-9 18944]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\System32\drivers\sscemdm.sys [2012-12-9 161280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-1 1255736]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;C:\Windows\System32\drivers\zgwhsdiag.sys [2010-10-12 122624]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;C:\Windows\System32\drivers\zgwhsmdm.sys [2010-10-12 122624]
S3 zgwhsnmea;WCDMA Handset NMEA Port;C:\Windows\System32\drivers\zgwhsnmea.sys [2010-10-12 122624]
.
=============== Created Last 30 ================
.
2013-01-19 13:08:10 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-19 13:08:09 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-19 13:03:11 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-19 13:03:11 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-19 13:03:10 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-19 13:03:09 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-19 13:03:05 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-19 13:03:05 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-19 12:57:25 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-19 12:53:15 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-19 12:53:14 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-19 10:30:19 -------- d-----w- C:\Users\Stephanie\AppData\Local\Programs
2013-01-12 05:51:49 -------- d-----w- C:\Users\Stephanie\.swt
2013-01-09 14:33:04 55296 ----a-w- C:\Windows\System32\cero.rs
2013-01-04 08:33:51 -------- d-----w- C:\Users\Stephanie\blueberry
2012-12-30 20:09:48 -------- d-----w- C:\Users\Stephanie\CSS Layout
2012-12-25 08:02:16 -------- d-----w- C:\ProgramData\Vizzed
2012-12-22 14:00:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 14:00:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 14:00:47 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 14:00:46 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 01:52:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:52:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 19:00:06.42 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/06/2010 3:36:09 p.m.
System Uptime: 20/01/2013 6:46:12 p.m. (1 hours ago)
.
Motherboard: Acer | | Aspire 5740
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2244/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 331.262 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 10/01/2013 11:27:18 p.m. - Windows Update
RP241: 19/01/2013 1:50:45 p.m. - Scheduled Checkpoint
RP242: 19/01/2013 11:52:13 p.m. - Restore Operation
RP243: 20/01/2013 2:01:35 a.m. - Windows Update
RP244: 20/01/2013 8:07:56 a.m. - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Photoshop CS5
Adobe Reader XI (11.0.01)
AIM 7
Alcor Micro USB Card Reader
Alice Greenfingers
Amazonia
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 3
Assassin's Creed
ATI Catalyst Install Manager
AVG 2012
Backup Manager Basic
Bejeweled 3
Bonjour
Broadcom Gigabit NetLink Controller
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Celtx (2.9.1)
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
Curse Client
Dairy Dash
Diablo III
Download Updater (AOL LLC)
Dream Day First Home
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ESET Online Scanner v3
eSobi v2
Farm Frenzy 2
FileZilla Client 3.3.5.1
First Class Flurry
Free Mp3 Wma Converter V 1.91
Free RAR Extract Frog
Futuremark SystemInfo
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
HideIPVPN 1.0.0.2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Identity Card
IGG Web3D Player version 1.0.0.38
ImgBurn
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Driver
Intel(R) Turbo Boost Technology Monitor
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 7 Update 5
Java(TM) 7 Update 5 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Last.fm 1.5.4.27091
Launch Manager
Liquid Story Binder XE version 4.93
LSI HDA Modem
Mafia II
Malwarebytes Anti-Malware version 1.65.1.1000
MediaFeed
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 17.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
MyWinLocker
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
Origin
PDF Settings CS5
QuickTime
Raptr
Realtek High Definition Audio Driver
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scrivener
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SimPE 0.72 (alpha)
Skype Click to Call
Skype™ 6.0
Steam
Synaptics Pointing Device Driver
Telecom Broadband Assist
Telecom JoinME
The Sims Medieval
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 World Adventures
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vimeo Uploader
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Vuze
Vuze Remote Toolbar
Welcome Center
WIDCOMM Bluetooth Software
WinAVI Video Converter
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
yWriter5
.
==== Event Viewer Messages From Past Week ========
.
20/01/2013 8:16:52 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
20/01/2013 8:16:52 a.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/01/2013 6:47:28 p.m., Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
20/01/2013 12:24:14 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
20/01/2013 12:24:14 a.m., Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/01/2013 12:23:54 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
20/01/2013 12:23:54 a.m., Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/01/2013 12:23:54 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
20/01/2013 12:20:53 a.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
20/01/2013 1:33:45 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McciCMService64 service to connect.
20/01/2013 1:33:45 a.m., Error: Service Control Manager [7000] - The McciCMService64 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/01/2013 11:13:50 p.m., Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
15/01/2013 7:46:55 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-20 21:10:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: 6hx2g4mb.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\uxliruob.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077c7f85a 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32 0000000074079380 4 bytes [C8, 10, 01, 10]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076f1549c 5 bytes JMP 0000000100080800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bff991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077bff99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077bffa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077bffa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077bffb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077bffb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bffbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077bffbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bffc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077bffc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bffc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077bffc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bffc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077bffc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bffc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077bffc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bffce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077bffcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bffcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077bffd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bffd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077bffd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077bffdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077bffdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bffe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077bffe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077bfff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077bfff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c00099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077c000a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077c00781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077c0078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077c00ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077c01007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077c0105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077c01067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c010a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077c010af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c0111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077c01127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c01321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077c0132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007713103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077131072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000076f1119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000076f111cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000769a4de0 5 bytes JMP 00000001001603b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000769a4f70 5 bytes JMP 00000001001605f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000769a51a2 5 bytes JMP 00000001001608f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000769a522d 5 bytes JMP 0000000100160a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000769a5689 5 bytes JMP 00000001001601b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000769a58b3 5 bytes JMP 0000000100160170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000769a6bad 5 bytes JMP 0000000100160370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000769a6e05 5 bytes JMP 0000000100160570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000769a6ead 5 bytes JMP 0000000100160530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000769a7180 5 bytes JMP 00000001001606b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000769a7435 5 bytes JMP 0000000100160770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000769a7bcc 5 bytes JMP 00000001001600b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000769a7dc4 5 bytes JMP 00000001001603f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000769a7fd5 5 bytes JMP 0000000100160d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000769a82b2 5 bytes JMP 0000000100160e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000769a8401 5 bytes JMP 00000001001609f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000769a879f 5 bytes JMP 00000001001602f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000769a8916 5 bytes JMP 00000001001605b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000769a8b7a 5 bytes JMP 0000000100160970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000769a8ee6 5 bytes JMP 0000000100160470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000769a9875 5 bytes JMP 0000000100160c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000769a9936 5 bytes JMP 0000000100160d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000769aa53a 5 bytes JMP 00000001001609b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000769aaf9f 5 bytes JMP 0000000100160330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!LineTo 00000000769ab9e5 5 bytes JMP 0000000100160430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000769abd55 5 bytes JMP 0000000100160db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000769ac040 5 bytes JMP 0000000100160130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000769ac107 5 bytes JMP 0000000100160670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000769ac269 5 bytes JMP 00000001001606f0

---- Threads - GMER 2.0 ----

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2284] 0000000075880000
Library ? (*** suspicious ***) @ C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3332] 0000000071cd0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4376] 0000000063000000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4200] 000007fef0cb0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5768] 000007fee7950000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158bb0d49
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158bb0d49 (not active ControlSet)

---- EOF - GMER 2.0 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,451
Run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin
 

billiebum

Thread Starter
Joined
May 25, 2003
Messages
19
Hi, thanks for your reply. My ComboFix log is as follows:

ComboFix 13-01-21.01 - Stephanie 21/01/2013 20:08:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3956.2562 [GMT 13:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\STEPHA~1\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Stephanie\(HD) WWE SmackDown 12_26_08 WWE Divas Championship Michelle .mp4
c:\users\Stephanie\002.jpg
c:\users\Stephanie\404.php
c:\users\Stephanie\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Stephanie\AppData\Roaming\inst.exe
c:\users\Stephanie\Moody Blues - Rock _#39;N_#39; Roll Over You (album version .flv
c:\windows\SysWow64\muzapp.exe
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Annie\AppData\Local\temp
2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\temp
2013-01-19 13:08 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-19 13:08 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-19 13:03 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-19 13:03 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-19 13:03 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-19 13:03 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-19 13:03 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-19 13:03 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-19 12:57 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-19 12:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-19 12:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-19 10:30 . 2013-01-19 10:30 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-01-12 05:51 . 2013-01-19 11:09 -------- d-----w- c:\users\Stephanie\.swt
2013-01-09 14:33 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs
2013-01-04 08:33 . 2009-11-02 23:41 -------- d-----w- c:\users\Stephanie\blueberry
2012-12-30 20:09 . 2013-01-16 20:16 -------- d-----w- c:\users\Stephanie\CSS Layout
2012-12-26 09:14 . 2012-12-26 09:14 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\Apple
2012-12-25 08:02 . 2012-12-30 21:22 -------- d-----w- c:\programdata\Vizzed
2012-12-22 20:32 . 2012-12-22 20:32 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\Macromedia
2012-12-22 14:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 14:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 14:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 14:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 19:11 . 2011-07-19 22:57 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 01:52 . 2012-04-04 07:22 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:52 . 2011-10-25 03:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-19 12:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 18:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 18:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 18:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 18:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 18:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 18:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 18:00 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 18:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 18:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 18:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 18:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 18:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 18:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 18:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 18:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 18:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 18:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 18:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 18:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 18:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 18:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 18:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 19:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 19:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 19:52 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 19:52 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-13 07:10 2734688 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-6-30 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-12 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-08 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-07-14 82816]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2011-12-08 127488]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2011-12-08 18944]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2011-12-08 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-27 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2010-01-04 122624]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2010-01-04 122624]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2010-01-04 122624]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-17 517632]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:52]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 04:09]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 04:09]
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205260027-3042903247-416545002-1001Core.job
- c:\users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 10:32]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205260027-3042903247-416545002-1001UA.job
- c:\users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 10:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"tcnz_McciTrayApp"="c:\program files\tcnz\McciTrayApp.exe" [2011-11-17 3438592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geonet.org.nz/earthquake/quakes/recent_quakes.html
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-NortonOnlineBackupReminder - c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1205260027-3042903247-416545002-1001\Software\SecuROM\License information*]
"datasecu"=hex:5b,73,00,97,ae,b0,ad,f0,a5,e7,4e,5c,34,fe,92,90,30,39,26,64,80,
60,d6,b6,d9,46,4c,d3,e5,f8,c1,14,ad,00,d8,66,42,21,89,14,a3,6d,f6,78,1d,65,\
"rkeysecu"=hex:ce,29,4f,6b,df,d8,db,39,5d,e7,5b,f9,9f,dd,83,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-01-21 20:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 07:40
.
Pre-Run: 357,504,679,936 bytes free
Post-Run: 357,937,160,192 bytes free
.
- - End Of File - - 0502767E2648FBD9E48C01B102F1AA72
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,451
OK, do the following:

Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right-click the IE shortcut and run it as admin.

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

If no threats were found:

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found:

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program
  • Copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those 3 logs, and let me know what issues/concerns remain...

Kevin
 

billiebum

Thread Starter
Joined
May 25, 2003
Messages
19
Hi, thanks again for your reply. The three logs are as follows:

# AdwCleaner v2.106 - Logfile created 01/21/2013 at 22:28:21
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephanie - STEPHANIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Stephanie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-GB)

File : C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\prefs.js

[OK] File is clean.

File : C:\Users\Annie.Stephanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\afl5nth0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18808 octets] - [21/01/2013 22:17:27]
AdwCleaner[S2].txt - [1146 octets] - [21/01/2013 22:28:21]

########## EOF - C:\AdwCleaner[S2].txt - [1206 octets] ##########


C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll a variant of Win32/Bunndle application


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox 17.0.1 Firefox out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,451
Do the following:

Copy all text in the code box (below) to Notepad.


Code:
@echo off
del /f /s /q "C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll"
del %0
Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
It should look like this:
[screenshot not reproduced: XP]
[screenshot not reproduced: Vista, Windows 7]
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear... this is normal.
The files and folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

When complete, check in Start > Control Panel > Uninstall a Program. Make sure old versions of Java are removed...

Next,

Go to www.adobe.com/shockwave/welcome/ and have Adobe Flash Player checked. Accept the new version if required.
There may be an offer of Google Chrome etc.; untick those options if offered...

Let me know if those steps complete, also if any remaining issues or concerns....

Kevin
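A PowerShell equivalent of the delfile.bat step in the post above, added here as an example and not part of the specialist's instructions: it records the flagged DLL's size and SHA256 to a log before deleting it, so the removal is auditable later, and reports a failure (for instance when the DLL is still loaded by a running Vuze process) instead of silently doing nothing. It assumes PowerShell 4 or later (Get-FileHash) and a hypothetical log file on the Desktop; the target path is the one from the ESET result posted in the thread.

```powershell
# Added example, not the specialist's delfile.bat. Target path is the one
# ESET reported above; the log file location is an assumption.
$Target  = 'C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll'
$LogFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'delfile-log.txt'

function Remove-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Log
    )
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Nothing to do; still leave a record that the file was absent.
        Add-Content -LiteralPath $Log -Value "$stamp NOT FOUND $Path"
        return $false
    }

    # Record size and SHA256 before removal so the sample can later be
    # matched against the scanner's detection name or a vendor database.
    $item = Get-Item -LiteralPath $Path -Force
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Add-Content -LiteralPath $Log -Value "$stamp FOUND     $Path size=$($item.Length) sha256=$hash"

    try {
        Remove-Item -LiteralPath $Path -Force -ErrorAction Stop
        Add-Content -LiteralPath $Log -Value "$stamp DELETED   $Path"
        return $true
    } catch {
        # Typical cause: the DLL is locked by a process that still has it mapped.
        Add-Content -LiteralPath $Log -Value "$stamp FAILED    $Path : $($_.Exception.Message)"
        return $false
    }
}

$null = Remove-FlaggedFile -Path $Target -Log $LogFile

# Like "del %0" in the batch file, remove this script once it has run.
if ($PSCommandPath) { Remove-Item -LiteralPath $PSCommandPath -Force }
```

Run it from an elevated PowerShell prompt (right-click, Run as administrator) so that the Program Files path is writable.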
 