
Trojan horse Downloader.Generic13.ZUH

Discussion in 'Virus & Other Malware Removal' started by billiebum, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. billiebum

    billiebum Thread Starter

    I wasn't actually aware that my laptop had this until around 12am or so. My AVG came up with a warning saying that it had found a threat that seems to have attached itself to the .exe file of a programme I use probably twice a month or so (the programme itself is a VPN), when I download various tv shows. Because of this, I am unable to actually use the programme at the moment because of the infection.

    AVG provided me with the entire path of the infected file name and followed that up with "Threat name: Trojan horse Downloader.Generic13.ZUH" and "Detected on Open" - whatever the latter means. AVG also provided me with three options - "Move to vault," "Go to file," "Ignore."

    Anyway, my logs are as follows:

    ********

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:00:32 a.m., on 20/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Stephanie\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: CurseClientStartup.ccip
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.vizzed.com
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16910 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
    Run by Stephanie at 18:57:26 on 2013-01-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3956.1932 [GMT 13:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\tcnz\McciTrayApp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Users\Stephanie\AppData\Local\Apps\2.0\BMARWGCO.MY8\0W0OLYY6.Q1O\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
    C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\LocationNotifications.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [AdobeBridge] <no file>
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\14962707F62747F584F6473707F647 : DHCPNameServer = 172.16.1.1
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\25963636162747F6E602D416C6C602D4F64756C60284F4453505F445 : DHCPNameServer = 192.168.8.1 208.67.222.222
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\379746E6569716962707F62747E236F6D6 : DHCPNameServer = 218.185.65.254 61.88.88.88 61.88.88.88
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\4556C65636F6D60277962756C65637370286F6473707F647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\45E4341405534453832473 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\742716E64602348616E63656C6C6F6270275962756C6563737 : DHCPNameServer = 172.17.137.254 202.37.245.20
    TCP: Interfaces\{44759CE1-0297-4231-8E17-26BA5B394C9F}\A556E62657E2E65647E2E6A702D20234F6C657D62657370234F666665656 : DHCPNameServer = 10.10.24.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [tcnz_McciTrayApp] "C:\Program Files\tcnz\McciTrayApp.exe"
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.geonet.org.nz/earthquake/quakes/recent_quakes.html
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdbplug.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Stephanie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Stephanie\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll
    FF - plugin: C:\Users\Stephanie\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-25 202752]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-25 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 676936]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-10 517632]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-25 62720]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-5 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-5 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-25 151936]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-7 320040]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-23 25928]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-23 40448]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-1-25 52264]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-25 35104]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\System32\drivers\sscebus.sys [2012-12-9 127488]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\System32\drivers\sscemdfl.sys [2012-12-9 18944]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\System32\drivers\sscemdm.sys [2012-12-9 161280]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-1 1255736]
    S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;C:\Windows\System32\drivers\zgwhsdiag.sys [2010-10-12 122624]
    S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;C:\Windows\System32\drivers\zgwhsmdm.sys [2010-10-12 122624]
    S3 zgwhsnmea;WCDMA Handset NMEA Port;C:\Windows\System32\drivers\zgwhsnmea.sys [2010-10-12 122624]
    .
    =============== Created Last 30 ================
    .
    2013-01-19 13:08:10 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-19 13:08:09 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-19 13:03:11 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-19 13:03:11 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-19 13:03:10 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-19 13:03:09 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-19 13:03:05 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-19 13:03:05 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-19 12:57:25 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-19 12:53:15 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-19 12:53:14 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-19 10:30:19 -------- d-----w- C:\Users\Stephanie\AppData\Local\Programs
    2013-01-12 05:51:49 -------- d-----w- C:\Users\Stephanie\.swt
    2013-01-09 14:33:04 55296 ----a-w- C:\Windows\System32\cero.rs
    2013-01-04 08:33:51 -------- d-----w- C:\Users\Stephanie\blueberry
    2012-12-30 20:09:48 -------- d-----w- C:\Users\Stephanie\CSS Layout
    2012-12-25 08:02:16 -------- d-----w- C:\ProgramData\Vizzed
    2012-12-22 14:00:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 14:00:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 14:00:47 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 14:00:46 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 01:52:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:52:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 19:00:06.42 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/06/2010 3:36:09 p.m.
    System Uptime: 20/01/2013 6:46:12 p.m. (1 hours ago)
    .
    Motherboard: Acer | | Aspire 5740
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2244/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 331.262 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP240: 10/01/2013 11:27:18 p.m. - Windows Update
    RP241: 19/01/2013 1:50:45 p.m. - Scheduled Checkpoint
    RP242: 19/01/2013 11:52:13 p.m. - Restore Operation
    RP243: 20/01/2013 2:01:35 a.m. - Windows Update
    RP244: 20/01/2013 8:07:56 a.m. - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.65
    Acer Arcade Deluxe
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer GameZone Console
    Acer GridVista
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Photoshop CS5
    Adobe Reader XI (11.0.01)
    AIM 7
    Alcor Micro USB Card Reader
    Alice Greenfingers
    Amazonia
    AoA Audio Extractor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Artisteer 3
    Assassin's Creed
    ATI Catalyst Install Manager
    AVG 2012
    Backup Manager Basic
    Bejeweled 3
    Bonjour
    Broadcom Gigabit NetLink Controller
    Canon Easy-PhotoPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP280 series MP Drivers
    Canon My Printer
    Canon Solution Menu EX
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Celtx (2.9.1)
    Chicken Invaders 2
    Compatibility Pack for the 2007 Office system
    Curse Client
    Dairy Dash
    Diablo III
    Download Updater (AOL LLC)
    Dream Day First Home
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    ESET Online Scanner v3
    eSobi v2
    Farm Frenzy 2
    FileZilla Client 3.3.5.1
    First Class Flurry
    Free Mp3 Wma Converter V 1.91
    Free RAR Extract Frog
    Futuremark SystemInfo
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Granny In Paradise
    Heroes of Hellas
    HideIPVPN 1.0.0.2
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Identity Card
    IGG Web3D Player version 1.0.0.38
    ImgBurn
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Driver
    Intel(R) Turbo Boost Technology Monitor
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 7 Update 5
    Java(TM) 7 Update 5 (64-bit)
    JavaFX 2.1.1
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Launch Manager
    Liquid Story Binder XE version 4.93
    LSI HDA Modem
    Mafia II
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaFeed
    Merriam Websters Spell Jam
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 17.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFreeCodec
    MyWinLocker
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA PhysX
    Origin
    PDF Settings CS5
    QuickTime
    Raptr
    Realtek High Definition Audio Driver
    Safari
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Scrivener
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SimPE 0.72 (alpha)
    Skype Click to Call
    Skype™ 6.0
    Steam
    Synaptics Pointing Device Driver
    Telecom Broadband Assist
    Telecom JoinME
    The Sims Medieval
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Generations
    The Sims™ 3 Late Night
    The Sims™ 3 Pets
    The Sims™ 3 Seasons
    The Sims™ 3 Showtime
    The Sims™ 3 Supernatural
    The Sims™ 3 World Adventures
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vimeo Uploader
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    Visual C++ 9.0 OpenMP (x86) WinSXS MSM
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.1
    Vuze
    Vuze Remote Toolbar
    Welcome Center
    WIDCOMM Bluetooth Software
    WinAVI Video Converter
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    World of Warcraft
    yWriter5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/01/2013 8:16:52 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    20/01/2013 8:16:52 a.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/01/2013 6:47:28 p.m., Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    20/01/2013 12:24:14 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    20/01/2013 12:24:14 a.m., Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/01/2013 12:23:54 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    20/01/2013 12:23:54 a.m., Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/01/2013 12:23:54 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    20/01/2013 12:20:53 a.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    20/01/2013 1:33:45 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McciCMService64 service to connect.
    20/01/2013 1:33:45 a.m., Error: Service Control Manager [7000] - The McciCMService64 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/01/2013 11:13:50 p.m., Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    15/01/2013 7:46:55 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    .
    ==== End Of File ===========================


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-20 21:10:24
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
    Running: 6hx2g4mb.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\uxliruob.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077c7f85a 1 byte [C3]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32 0000000074079380 4 bytes [C8, 10, 01, 10]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076f1549c 5 bytes JMP 0000000100080800
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bff991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077bff99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077bffa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077bffa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077bffb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077bffb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bffbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077bffbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bffc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077bffc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bffc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077bffc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bffc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077bffc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bffc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077bffc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bffce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077bffcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bffcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077bffd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bffd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077bffd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077bffdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077bffdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bffe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077bffe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077bfff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077bfff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c00099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077c000a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077c00781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077c0078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077c00ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077c01007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077c0105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077c01067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c010a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077c010af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c0111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077c01127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c01321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077c0132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007713103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077131072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000076f1119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000076f111cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000769a4de0 5 bytes JMP 00000001001603b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000769a4f70 5 bytes JMP 00000001001605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4832] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000769a51a2 5 bytes JMP 00000001001608f0

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2284] 0000000075880000
    Library ? (*** suspicious ***) @ C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3332] 0000000071cd0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4376] 0000000063000000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4200] 000007fef0cb0000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5768] 000007fee7950000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158bb0d49
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158bb0d49 (not active ControlSet)

    ---- EOF - GMER 2.0 ----
     
  2. billiebum

    billiebum Thread Starter

    Joined:
    May 25, 2003
    Messages:
    19
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  4. billiebum

    billiebum Thread Starter

    Joined:
    May 25, 2003
    Messages:
    19
    Hi, thanks for your reply. My ComboFix log is as follows:

    ComboFix 13-01-21.01 - Stephanie 21/01/2013 20:08:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3956.2562 [GMT 13:00]
    Running from: c:\users\Stephanie\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\Acer GameZone online.ico
    c:\users\STEPHA~1\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
    c:\users\Stephanie\(HD) WWE SmackDown 12_26_08 WWE Divas Championship Michelle .mp4
    c:\users\Stephanie\002.jpg
    c:\users\Stephanie\404.php
    c:\users\Stephanie\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
    c:\users\Stephanie\AppData\Roaming\inst.exe
    c:\users\Stephanie\Moody Blues - Rock _#39;N_#39; Roll Over You (album version .flv
    c:\windows\SysWow64\muzapp.exe
    c:\windows\Temp\log.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Annie\AppData\Local\temp
    2013-01-21 07:23 . 2013-01-21 07:23 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\temp
    2013-01-19 13:08 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-19 13:08 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-19 13:03 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-19 13:03 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-19 13:03 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-19 13:03 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-19 13:03 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-19 13:03 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-19 12:57 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-19 12:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-19 12:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-19 10:30 . 2013-01-19 10:30 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
    2013-01-12 05:51 . 2013-01-19 11:09 -------- d-----w- c:\users\Stephanie\.swt
    2013-01-09 14:33 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs
    2013-01-04 08:33 . 2009-11-02 23:41 -------- d-----w- c:\users\Stephanie\blueberry
    2012-12-30 20:09 . 2013-01-16 20:16 -------- d-----w- c:\users\Stephanie\CSS Layout
    2012-12-26 09:14 . 2012-12-26 09:14 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\Apple
    2012-12-25 08:02 . 2012-12-30 21:22 -------- d-----w- c:\programdata\Vizzed
    2012-12-22 20:32 . 2012-12-22 20:32 -------- d-----w- c:\users\Annie.Stephanie-PC\AppData\Local\Macromedia
    2012-12-22 14:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 14:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-22 14:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-22 14:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-19 19:11 . 2011-07-19 22:57 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 01:52 . 2012-04-04 07:22 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 01:52 . 2011-10-25 03:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-30 04:45 . 2013-01-19 12:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 18:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 18:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 18:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 18:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 18:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 18:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 18:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 18:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 18:00 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 18:00 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 18:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 18:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 18:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 18:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 18:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 18:00 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 18:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 18:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 18:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 18:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 18:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 18:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 19:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 19:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-12 19:52 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 19:52 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-06-13 07:10 2734688 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-08 1354736]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
    "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-6-30 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-25 113664]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-12 5167736]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-08 160944]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-07-14 82816]
    R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2011-12-08 127488]
    R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2011-12-08 18944]
    R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2011-12-08 161280]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-27 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2010-01-04 122624]
    R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2010-01-04 122624]
    R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2010-01-04 122624]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-17 517632]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:52]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 04:09]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 04:09]
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205260027-3042903247-416545002-1001Core.job
    - c:\users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 10:32]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205260027-3042903247-416545002-1001UA.job
    - c:\users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 10:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "tcnz_McciTrayApp"="c:\program files\tcnz\McciTrayApp.exe" [2011-11-17 3438592]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1409&m=aspire_5740&r=27360610l906l04d8z145t5451d162
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: vizzed.com\www
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.geonet.org.nz/earthquake/quakes/recent_quakes.html
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-NortonOnlineBackupReminder - c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1205260027-3042903247-416545002-1001\Software\SecuROM\License information*]
    "datasecu"=hex:5b,73,00,97,ae,b0,ad,f0,a5,e7,4e,5c,34,fe,92,90,30,39,26,64,80,
    60,d6,b6,d9,46,4c,d3,e5,f8,c1,14,ad,00,d8,66,42,21,89,14,a3,6d,f6,78,1d,65,\
    "rkeysecu"=hex:ce,29,4f,6b,df,d8,db,39,5d,e7,5b,f9,9f,dd,83,9c
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-21 20:40:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-21 07:40
    .
    Pre-Run: 357,504,679,936 bytes free
    Post-Run: 357,937,160,192 bytes free
    .
    - - End Of File - - 0502767E2648FBD9E48C01B102F1AA72
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, do the following:

    Download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those 3 logs, what issues/concerns remain...

    Kevin
     
  6. billiebum

    billiebum Thread Starter

    Joined:
    May 25, 2003
    Messages:
    19
    Hi, thanks again for your reply. The three logs are as follows:

    # AdwCleaner v2.106 - Logfile created 01/21/2013 at 22:28:21
    # Updated 17/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Stephanie - STEPHANIE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Stephanie\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-GB)

    File : C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\zlg3b1wk.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Annie.Stephanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\afl5nth0.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [18808 octets] - [21/01/2013 22:17:27]
    AdwCleaner[S2].txt - [1146 octets] - [21/01/2013 22:28:21]

    ########## EOF - C:\AdwCleaner[S2].txt - [1206 octets] ##########


    C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll a variant of Win32/Bunndle application


    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader XI
    Mozilla Firefox 17.0.1 Firefox out of Date!
    Google Chrome 23.0.1271.97
    Google Chrome 24.0.1312.52
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Do the following:

    Copy all text in the code box (below)...to Notepad.


    Code:
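    @echo off
    rem Force-delete the file flagged as Win32/Bunndle, without prompting
    del /f /s /q "C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll"
    rem Remove this batch file itself once it has run
    del "%~f0"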
    
    Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
    The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    When complete, check in Start > Control Panel > Uninstall a Program. Make sure old versions of Java are removed...

    Next,

    Go here www.adobe.com/shockwave/welcome/ and have Adobe Flash Player checked. Accept the new version if required.
    There may be an offer of Google Chrome etc.; untick those options if offered...

    Let me know if those steps complete, and also if there are any remaining issues or concerns...

    Kevin
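
The update steps in the reply above follow from the "out of Date!" lines in the Security Check log posted earlier in the thread. As an added example (not part of the original thread and not code from the Security Check tool), this Python function pulls the flagged entries out of such a log. The sample log is constructed, and the rule that a flag line with no version number applies to the entry above it is an assumption inferred from the log shown here.

```python
import re

TICK = "`"
HEADER = re.compile(r"^`+(?P<title>[^`]+?):?`+$")
# Assumption: an inline flag follows a product name that ends in a version number.
INLINE = re.compile(r"^(?P<entry>.*\d\S*)\s+\D*out of date!$", re.I)
MARKER = "out of date!"

def hdr(title):
    """Build a section header in the backtick-ruled style of the tool's log."""
    return TICK * 14 + title + TICK * 14

# Constructed sample, shaped like the Security Check log posted in this thread.
SAMPLE = "\n".join([
    "Results of screen317's Security Check version 0.99.57",
    hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Antivirus up to date!",
    hdr("Anti-malware/Other Utilities Check:"),
    "Java(TM) 7 Update 5",
    "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Flash Player 11.5.502.146",
    "Mozilla Firefox 17.0.1 Firefox out of Date!",
    "Google Chrome 24.0.1312.52",
    hdr("End of Log"),
])

def outdated(log_text):
    """Return (section, entry) pairs that the log marks as out of date."""
    section, previous, found = "preamble", None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER.match(line)
        if head:
            section, previous = head.group("title").strip(), None
            continue
        inline = INLINE.match(line)
        if inline:                      # flag shares the line with the product
            previous = inline.group("entry")
            found.append((section, previous))
        elif line.lower().endswith(MARKER):
            if previous:                # flag on its own line: applies to the entry above
                found.append((section, previous))
        else:
            previous = line
    return found
```

Note that the older Flash Player 10 entry is flagged while 11.5.502.146 sits beside it unflagged, which is why the reply also asks for old versions to be removed rather than only installing the new one.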
     

Short URL to this thread: https://techguy.org/1085990
