Multiple laptop problems


  • This topic is locked
34 replies to this topic

#1 gstark

gstark

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 07 September 2009 - 11:37 AM

A few days ago I left for work and left my laptop on with no one else at home. I came home later to find that my computer had restarted at some point and was on the username screen. I chose my user name and within a few minutes I had a box that came up and said something like NT authority\system and remote procedure call (RPC) service terminated unexpectedly and Windows must shut down, and it did so within 60 seconds. I attempted this a few more times with the same result. I then tried a system restore but was unable to, even from safe mode and under the ADMIN login. The button was missing and I would get a message about system restore has been disabled by the admin. I seem to be able to keep the computer on when I unplug my wireless router, but a few minutes after I plug the router back in I get the closedown message again. Also, when I first click my username from the username screen I get a message that says registry editing has been disabled by your administrator. One other thing... when I was able to connect to the net for a few seconds from the laptop, I would hit Google looking for help. However, all my hits were redirected to a "Toseeka" search page...

So I was able to download and run DDS with the help of another computer but I was not able to run Root Repeal. For some reason the program is hanging up on me and I get the "Initializing, please wait" screen for 20+ minutes. Below is my DDS post. Any and all help would be very much appreciated!!!


DDS (Ver_09-07-30.01) - NTFSx86
Run by Bryan at 11:42:55.56 on Mon 09/07/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1278.763 [GMT -4:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Bryan\My Documents\Power Video Converter\AKProg\AKProg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Autosizer\AutoSizer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"C:\DOCUME~1\Bryan\LOCALS~1\Temp\svchost.exe"
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bryan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
mStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
BHO: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Windows System Recover!] c:\docume~1\bryan\locals~1\temp\svchost.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PopUpKiller] c:\program files\popup killer\popupkiller.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
dRun: [minix32] c:\windows\system32\minix32.exe
dRun: [AntiSpyware Service] c:\windows\temp\oh935slc.exe
dRun: [Windows System Recover!] c:\windows\temp\debug.exe
mExplorerRun: [application] c:\documents and settings\bryan\my documents\power video converter\akprog\AKProg.exe hs
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} - hxxp://smashmash.tv/InstallSmashMashPlugin.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231974967747
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231974950362
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.wsu.edu/sp/mallcam/AxisCamControl.ocx
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://cornucopia3.hannaford.com/webmail0200a/dwa8W.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://cornucopia2.hannaford.com/webmail0200a/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: ftp\Cute.IEClickMonitor - {1E5AFA70-F67A-11D3-8620-0090279BA8F9} - c:\documents and settings\bryan\my documents\cuteftp\CuteLink.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
STS: c:\windows\system32\tajf83ikdmf.dll: {bf56a325-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\tajf83ikdmf.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 4096]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-24 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-26 4224]
R1 Avg7RsXP;AVG7 Rezident Driver;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-16 27776]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-4-19 3968]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-12-27 3968]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2006-12-10 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-5-18 372824]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 204800]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-8 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-10-26 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2005-12-8 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-10-26 4960]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\system32\svchost.exe -k netsvcs [2009-1-14 12800]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-09-04 19:11 <DIR> --d----- c:\program files\KB824146Scan
2009-09-04 16:16 <DIR> --d----- C:\00533316974dac78bd
2009-09-04 07:10 43,520 a------- c:\windows\system32\drivers\smss.exe
2009-09-04 07:10 1,860,096 a------- c:\windows\system32\AVR09.exe
2009-09-04 07:10 20,992 a------- c:\windows\system32\winhelper.dll
2009-09-04 07:10 53,248 a------- c:\windows\system32\winupdate.exe
2009-09-04 07:10 15,000 a------- c:\windows\system32\tajf83ikdmf.dll
2009-08-21 18:39 585,736 a------- c:\windows\system32\minix32.exe
2009-08-21 18:39 <DIR> --d----- c:\program files\Windows Antivirus Pro
2009-08-09 20:29 1,308 a------- c:\windows\wininit.ini
2009-08-09 17:22 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-09 17:22 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-09 17:22 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-09 17:21 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-09 12:47 <DIR> --d----- c:\docume~1\bryan\applic~1\Logs
2009-08-09 12:41 208,900 a------- c:\windows\system32\msxml71.dll
2009-08-09 12:40 37,257 a------- c:\windows\system32\net.net

==================== Find3M ====================

2008-07-12 17:34 0 a------- c:\documents and settings\bryan\~.exe
2008-01-17 20:21 10,420,936 a------- c:\program files\xlviewer.exe
2007-09-14 21:01 312,314 a------- c:\program files\xmplay342.zip
2006-09-13 07:39 1,181,812 a------- c:\program files\flvplayer_setup.exe
2005-05-18 17:09 865 a------- c:\program files\fixdesktop.zip

============= FINISH: 11:45:32.79 ===============

Edited by gstark, 07 September 2009 - 12:01 PM.
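
A way to triage the autorun, Winlogon and policy lines of a DDS log like the one posted above, as an added example that is not part of the original post or of DDS itself. The sample lines are copied from that log; the heuristics (autoruns from temp directories, system process names in unexpected folders, extra Userinit entries, tool-lockout policies) and all function names are assumptions of this example, and a hit is a lead for a human reviewer, not a verdict.

```python
import ntpath
import re

# Sample input: a subset of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [Windows System Recover!] c:\docume~1\bryan\locals~1\temp\svchost.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [AntiSpyware Service] c:\windows\temp\oh935slc.exe
dRun: [Windows System Recover!] c:\windows\temp\debug.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
"""

# Assumption: Windows is installed in c:\windows, as it is in the posted log.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Policies that lock the user out of the tools needed to inspect the machine.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}

RUN_RE = re.compile(r"^[umd](?:Explorer)?Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<name>\w+) = (?P<val>\d+)")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(?P<val>.+)$", re.I)


def exe_path(cmd):
    """Pull the executable path out of an autorun command line (lowercased)."""
    # Quoted path first; otherwise everything up to the first ".exe", because
    # DDS prints unquoted paths that contain spaces.
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.I)
    path = (m.group(1) or m.group(2)) if m else cmd.split()[0]
    return path.lower()


def check_path(path):
    """Return the reasons a lowercased Windows path looks out of place."""
    reasons = []
    directory, name = ntpath.split(path)
    if "\\temp\\" in path:
        reasons.append("starts from a temp directory: " + path)
    expected = EXPECTED_DIR.get(name)
    # A bare file name (no directory) is resolved via PATH, so it is skipped.
    if expected and directory and directory != expected:
        reasons.append("system process name %r outside %s" % (name, expected))
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if (m := USERINIT_RE.match(line)):
            # Userinit is a comma-separated list; a trailing comma is normal.
            for entry in (e.strip().lower() for e in m["val"].split(",")):
                if not entry:
                    continue
                if ntpath.basename(entry) != "userinit.exe":
                    reasons.append("extra program in Winlogon Userinit: " + entry)
                reasons += check_path(entry)
        elif (m := RUN_RE.match(line)):
            reasons += check_path(exe_path(m["cmd"]))
        elif (m := POLICY_RE.match(line)):
            if m["name"] in LOCKOUT_POLICIES and int(m["val"]) != 0:
                reasons.append("policy locks out an admin tool: " + m["name"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    - " + reason)
```

The `DisableRegistryTools` hit corresponds to the "registry editing has been disabled by your administrator" message described in the post.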



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:33 AM

Posted 22 September 2009 - 05:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 gstark

Posted 22 September 2009 - 07:44 PM

Thank you for your response.

My problems have gone from bad to worse. After posting the above problems it was suggested to me by a friend to run Spybot. It found many infections, all of which I had Spybot fix. However, after that I attempted to reboot my laptop and now I am unable to do anything. If I start the computer normally I will be brought to the username screen where I will pick my username. After clicking the icon the desktop will begin to load. Then I will get a message that says Windows Explorer has encountered a problem and needs to close and no icons, start button, or taskbar will be loaded on the desktop. I tried to start in safe mode and login under admin and I get the same thing. I'm not sure how to go about running anything at this point...

Very frustrated!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:33 PM

Posted 25 September 2009 - 08:17 PM

Hi gstark,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

When you boot into safe mode are you booting into safe mode without networking?

If so, what exactly is happening when you press F8 to go in?

If not, please try to get to safe mode without networking. If we can get that then we've got a start point. :(
m0le is a proud member of UNITE

#5 gstark

Posted 26 September 2009 - 05:39 PM

Hi M0le. Thanks for your help!!

I start the laptop and press F8 and get the screen that asks for my choice. I arrow to Safe Mode (not with networking) and hit enter. It loads the username screen. I click on administrator and as soon as it goes to the next screen I get a Windows error box that pops up and says "Windows Explorer has encountered a problem and needs to close... etc". I click the "don't send" button. And that's all I get. No taskbar, no start button, no icons... Just the black screen that says safe mode in the corners and the type of Windows I have running (xp build 2600.xpsp2.050301-1526:service Pack 1). Nothing else loads.

#6 m0le

Posted 26 September 2009 - 07:01 PM

Hi gstark,

We may have no choice but to reformat and reinstall here after the Spybot run.

Please read this article about how to troubleshoot non-starting PCs. When you get to the part about it getting more complicated and involving reinstallation then post back.

Let me know what, if anything, happened during the fix.

In the meantime I will do some research and hit up a few techies for ideas. :(

#7 gstark

Posted 26 September 2009 - 08:41 PM

Thanks m0le

Where can I find that article?

#8 m0le

Posted 27 September 2009 - 04:42 AM

Sorry, forgot the link. :(

Link

#9 gstark

Posted 30 September 2009 - 07:31 AM

Well m0le I tried all those suggestions with no luck...

#10 m0le

Posted 30 September 2009 - 05:20 PM

The next step would be to try and run an emergency disc recovery.

Download and burn Dr.Web LiveCD from another clean computer first..

From another clean computer, go to this website for instruction on how to create a bootable Dr.Web LiveCD

GO HERE and download the Dr.Web LiveCD .iso file from the most below link option. Then burn the .iso file into a blank CD/DVD.. Refer HERE for "Free ISO Burner" page and tutorial..


After you successfully create the CD, simply put the CD into your infected computer CD/DVD ROM and proceed with below step..

First, we need to get into BIOS to configure boot priority.. Visit this website for tutorial on how to set first Boot Device to CD/DVD ROM


After that you should be able to reboot into Normal Mode. Please post that this is where you have reached.

If after the LiveCD step you cannot boot into normal mode then let me know.

#11 gstark

Posted 02 October 2009 - 05:42 PM

Hey M0le, please be patient with me :(

I went to ftp://ftp.drweb.com/pub/drweb/livecd/ and downloaded just the iso file with my clean PC. I then went to http://www.freeisoburner.com/ and downloaded that program. I opened the program and in the top box I put the path to where I had downloaded the iso file. In the 2nd box I put in my CD-RW drive. Then I clicked burn. I then got this error message "Failed to write ISO image, Error: Hardware Error 14848."

Am I doing something wrong?

#12 m0le

Posted 02 October 2009 - 06:32 PM

That message is usually that the drive is faulty or the CD-RW is damaged.

Try another CD-RW disk first :(

#13 gstark

Posted 04 October 2009 - 04:15 PM

Ok m0le

I was finally able to get that disc burned and I ran it on my infected computer. It found a few things that I either cured or deleted. However, as soon as I rebooted normally I got the same Windows Explorer needs to close error message and nothing else loaded from that point, including the taskbar, start button, or any icons.

#14 m0le

Posted 04 October 2009 - 05:12 PM

You are extremely infected.

Let's try another recovery program.

Your PC is very infected and we need to run a tool which will disinfect it to a usable state.

Please download VIPRE
  • If you are able, download the rescue program to the infected computer, otherwise download the VIPRE Rescue Program onto a USB drive or some other removable media.
  • Plug the media into the infected computer.
  • Navigate to the directory that contains the VIPRE Rescue Program.
  • Double-click on VIPRERescue5221.exe
  • At the prompt, "Do you wish to extract the VIPRE Rescue Scanner to your computer?" click Yes.
  • You will be prompted for a destination folder to unzip to. Keep the default (C:\VIPRERESCUE) or enter a new folder, then click Unzip. Make sure the checkbox for "When done unzipping open: .\quick_scan.bat" is checked.
  • The VIPRE Rescue Program will download the files into the destination folder. Click OK at the prompt.
  • The VIPRE Rescue Program will open a command line window and run a quick scan.
Please copy/paste the log found in an xml file in this folder: C:\VIPRERESCUE

#15 gstark

Posted 04 October 2009 - 08:36 PM

<SBCSThreatEngineResults version="3.1.2837"><summary scanGUID="{95CC6CED-51D9-4D68-AC6C-7DB2CA90FA39}" scanDescription="" threatDefinitionVersion="5429"><scannerResults><numThreats found="28" ignored="0"/><numTracesScanned cookies="0" registry="25439" files="109677" folders="9595" processes="28" archives="0" procModule="1003" procMemory="0" threads="0" sysModules="131" ssdt="284" ntdllExport="1410" ntosExport="1466" hookIAT="98" scanSysEnter="1" hookDevice="858" hookCodeSectionRing0="13" hookCodeSectionRing3="37" MBR="0" total="150040"/><numTracesFound cookies="0" registry="160" files="29" folders="1" processes="1" archives="0" procModule="9" procMemory="0" threads="0" sysModules="2" ssdt="0" ntdllExport="0" ntosExport="0" hookIAT="18" scanSysEnter="0" hookDevice="0" hookCodeSectionRing0="0" hookCodeSectionRing3="27" MBR="0" total="247"/><dateTimeStampUTC start="2009-10-04T23:49:20" end="2009-10-05T01:03:25"/><errors/></scannerResults><cleanerResults><numThreats deleted="0" quarantined="0" ignored="0" reportonly="0" total="0"/><dateTimeStampUTC start="" end=""/><errors/></cleanerResults></summary><scannerOptions scanAllLocalDrives="true" excludeRemovableDrives="true" scanCookies="false" scanProcesses="true" scanProcessThread="true" scanRegistry="true" scanProcessesDeep="true" suspendActiveThreats="true" scanAllUsers="true" useFileNameAndCRC8="true" dontCalcCRC8="false" scanCommonTactics="true" scanArchives="false" scanKnownFileTypes="false" recursiveFileScan="true" findLowRiskThreats="true" keepScanRecord="true" maxCheckFileLen="6291456" minCheckFileLen="0" scanVipreSuspicious="false" scanDerivatives="true" scanRootkits="true" scanProcessMemory="true" scanSystemModule="true" ssdt="true" ntdllExport="true" ntosExport="true" hookIAT="true" scanSysEnter="true" scanDevice="true" scanCodeSectionRing0="true" scanCodeSectionRing3="true" scanMBR="true"><userIncludedPaths/><userExcludedPaths/><ignoredThreats/></scannerOptions><cleanerOptions/><threats><threat id="2719" 
name="Explorer32.Hijacker" level="3" category="Hijacker" type="Adware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent. When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page. A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers. An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found. A desktop hijacker replaces the desktop wallpaper with advertising for products and services on the desktop.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="3" dispValue="HKEY_USERS\.DEFAULT\Software\XML -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v=".DEFAULT\Software\XML"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-18\Software\XML -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-18\Software\XML"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="-1"/><attr n="valueName" 
v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig10 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig10"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig13 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig13"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig15 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig15"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig17 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig17"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig18 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig18"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig19 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig19"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig20 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" 
v="dig20"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig21 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig21"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig23 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig23"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig24 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig24"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig25 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig25"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig27 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig27"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig29 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig29"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig3 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" 
v="dig3"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig30 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig30"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig31 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig31"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig35 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig35"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig36 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig36"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig37 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig37"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig4 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig4"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig5 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" 
v="dig5"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig6 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig6"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig7 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig7"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig8 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig8"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\dig9 4"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="4"/><attr n="valueName" v="dig9"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str0 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str0"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str1 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str1"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str10 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str10"/></trace><trace 
type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str128 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str128"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str129 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str129"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str13 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str13"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str130 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str130"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str131 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str131"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str132 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str132"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str133 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str133"/></trace><trace 
type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str14 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str14"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str15 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str15"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str16 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str16"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str17 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str17"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str19 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str19"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str2 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str2"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str22 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str22"/></trace><trace type="3" 
dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str23 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str23"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str25 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str25"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str26 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str26"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str28 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str28"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str29 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str29"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str31 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str31"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str34 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str34"/></trace><trace type="3" 
dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str35 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str35"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str36 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str36"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str38 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str38"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str5 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str5"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str6 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str6"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str7 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str7"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str8 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str8"/></trace><trace type="3" 
dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML\str9 1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\XML"/><attr n="valueType" v="1"/><attr n="valueName" v="str9"/></trace></traces></threat><threat id="14891" name="Activity Logger" level="3" category="Commercial Key Logger" type="Surveillance Tool" quarantineId="" adviseType="3" canQuarantine="true" author="Deep Software" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL>softactivity.com</authorURL><desc>A Commercial Key Logger is a program that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications often run in stealth mode and are invisible to the user that is being monitored. Such key loggers are sold commercially and may be used legitimately if deployed by authorized administrators and disclosed to the persons being monitored, as in a business environment. 
The use of a key logger to monitor persons without their knowledge has been ruled illegal in at least one jurisdiction.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="3" dispValue="HKEY_USERS\.DEFAULT\Software\Softactivity -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v=".DEFAULT\Software\Softactivity"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\.DEFAULT\Software\Softactivity\cstorage -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v=".DEFAULT\Software\Softactivity\cstorage"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-18\Software\Softactivity -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-18\Software\Softactivity"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-18\Software\Softactivity\cstorage -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-18\Software\Softactivity\cstorage"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\SAgent -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\SAgent"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" 
dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\Sniffer -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\Sniffer"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\Sniffer\Options -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-21-3215049280-3870243804-3514081493-1007\Software\SoftActivity\Sniffer\Options"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace></traces></threat><threat id="14895" name="Actual Spy" level="3" category="Commercial Key Logger" type="Surveillance Tool" quarantineId="" adviseType="3" canQuarantine="true" author="Actual Spy" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL>actualspy.com</authorURL><desc>A Commercial Key Logger is a program that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications often run in stealth mode and are invisible to the user that is being monitored. Such key loggers are sold commercially and may be used legitimately if deployed by authorized administrators and disclosed to the persons being monitored, as in a business environment. 
The use of a key logger to monitor persons without their knowledge has been ruled illegal in at least one jurisdiction.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\Documents and Settings\Bryan\My Documents\Power Video Converter\AKProg\hprog.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\Documents and Settings\Bryan\My Documents\Power Video Converter\AKProg\hprog.dll"/><attr n="fileSize" v="20480"/><attr n="crc8" v="00504DE4D6D1440D"/><attr n="md5" v="00B166A7AF6230481D202307EB353522"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="29324" name="Beyond Keylogger" level="3" category="Commercial Key Logger" type="Surveillance Tool" quarantineId="" adviseType="3" canQuarantine="true" author="Supremtec" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL>supremtec.com</authorURL><desc>A Commercial Key Logger is a program that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications often run in stealth mode and are invisible to the user that is being monitored. Such key loggers are sold commercially and may be used legitimately if deployed by authorized administrators and disclosed to the persons being monitored, as in a business environment. 
The use of a key logger to monitor persons without their knowledge has been ruled illegal in at least one jurisdiction.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="c:\WINDOWS\SYSTEM32\dxtmsft.dll"><attr n="path" v="c:\WINDOWS\SYSTEM32\dxtmsft.dll"/><attr n="fileSize" v="351744"/><attr n="md5" v="4C7BBFC4DA80A19826996794E2371406"/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584} -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584} 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\gcnflFvpsofhf -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\gcnflFvpsofhf"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\gcnflFvpsofhf 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\gcnflFvpsofhf"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32 -1"><attr n="hive" 
v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32\ThreadingModel 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\InprocServer32"/><attr n="valueType" v="1"/><attr n="valueName" v="ThreadingModel"/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\jeurkrrqmjpZ -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\jeurkrrqmjpZ"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\jeurkrrqmjpZ 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\jeurkrrqmjpZ"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\KyzlgIdnksW -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\KyzlgIdnksW"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\KyzlgIdnksW 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" 
v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\KyzlgIdnksW"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\oswemODcEbj -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\oswemODcEbj"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\oswemODcEbj 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\oswemODcEbj"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ProgID -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ProgID"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ProgID 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ProgID"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\Programmable -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\Programmable"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\SyeskSo -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\SyeskSo"/><attr n="valueType" v="-1"/><attr 
n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\SyeskSo 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\SyeskSo"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ToolBoxBitmap32 -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ToolBoxBitmap32"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ToolBoxBitmap32 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\ToolBoxBitmap32"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\VersionIndependentProgID -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\VersionIndependentProgID"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\VersionIndependentProgID 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\VersionIndependentProgID"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\wsAGCacH -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\wsAGCacH"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" 
dispValue="HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\wsAGCacH 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="Software\Classes\CLSID\{AC7A39DD-F2C0-4816-1896-E16526BA5584}\wsAGCacH"/><attr n="valueType" v="1"/><attr n="valueName" v=""/></trace></traces></threat><threat id="42005" name="Actual Keylogger" level="3" category="Commercial Key Logger" type="Surveillance Tool" quarantineId="" adviseType="3" canQuarantine="true" author="Actual Spy Software" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL>actualkeylogger.com</authorURL><desc>A Commercial Key Logger is a program that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications often run in stealth mode and are invisible to the user that is being monitored. Such key loggers are sold commercially and may be used legitimately if deployed by authorized administrators and disclosed to the persons being monitored, as in a business environment. 
The use of a key logger to monitor persons without their knowledge has been ruled illegal in at least one jurisdiction.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\Documents and Settings\Bryan\My Documents\Power Video Converter\AKProg\AKProg.exe"><attr n="hidden" v="true"/><attr n="path" v="C:\Documents and Settings\Bryan\My Documents\Power Video Converter\AKProg\AKProg.exe"/><attr n="fileSize" v="522752"/><attr n="crc8" v="00FA3DAC3A9D346E"/><attr n="md5" v="62444D331DCD0BD8CA8E00B984445AF5"/><attr n="detectionType" v="1"/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AKProgram -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWARE\AKProgram"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AKProgram\Keylogger -1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWARE\AKProgram\Keylogger"/><attr n="valueType" v="-1"/><attr n="valueName" v=""/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AKProgram\Keylogger\enabled 4"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWARE\AKProgram\Keylogger"/><attr n="valueType" v="4"/><attr n="valueName" v="enabled"/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AKProgram\Keylogger\path 1"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWARE\AKProgram\Keylogger"/><attr n="valueType" v="1"/><attr n="valueName" v="path"/></trace><trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AKProgram\Keylogger\show_only_char 4"><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWARE\AKProgram\Keylogger"/><attr n="valueType" v="4"/><attr n="valueName" 
v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="LdrGetProcedureAddress"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A1E"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="1304,ntdll.dll!NtWriteFile[f7c71ab0.x86.dll!0x35672A94]"><attr n="pid" v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="NtWriteFile"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A94"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="1640,ntdll.dll!LdrGetProcedureAddress[f7c71ab0.x86.dll!0x35672A1E]"><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="LdrGetProcedureAddress"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A1E"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" 
dispValue="1640,ntdll.dll!NtWriteFile[f7c71ab0.x86.dll!0x35672A94]"><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="NtWriteFile"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A94"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="180,ntdll.dll!LdrGetProcedureAddress[f7c71ab0.x86.dll!0x35672A1E]"><attr n="pid" v="180"/><attr n="procPath" v="c:\program files\Bonjour\mdnsresponder.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="LdrGetProcedureAddress"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A1E"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="180,ntdll.dll!NtWriteFile[f7c71ab0.x86.dll!0x35672A94]"><attr n="pid" v="180"/><attr n="procPath" v="c:\program files\Bonjour\mdnsresponder.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="NtWriteFile"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A94"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" 
v="9"/></trace><trace type="26" dispValue="1828,ntdll.dll!LdrGetProcedureAddress[f7c71ab0.x86.dll!0x35672A1E]"><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="LdrGetProcedureAddress"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A1E"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="1828,ntdll.dll!NtWriteFile[f7c71ab0.x86.dll!0x35672A94]"><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="NtWriteFile"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A94"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="2612,ntdll.dll!LdrGetProcedureAddress[f7c71ab0.x86.dll!0x35672A1E]"><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="LdrGetProcedureAddress"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" 
v=""/><attr n="rktFuncAddr" v="35672A1E"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="26" dispValue="2612,ntdll.dll!NtWriteFile[f7c71ab0.x86.dll!0x35672A94]"><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="tgtModPath" v="C:\WINDOWS\System32\ntdll.dll"/><attr n="tgtImgBase" v="77E60000"/><attr n="tgtImgSize" v="E7000"/><attr n="tgtFuncName" v="NtWriteFile"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672A94"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="22" dispValue="0,C:\WINDOWS\win32k.sys:1"><attr n="pid" v="0"/><attr n="modPath" v="C:\WINDOWS\win32k.sys:1"/><attr n="base" v="F778F000"/><attr n="size" v="5000"/><attr n="entryPoint" v="FFFFFFFF"/><attr n="crc8" v="0050A14049EF5838"/><attr n="detectionType" v="9"/></trace><trace type="22" dispValue="0,C:\WINDOWS\win32k.sys:2"><attr n="pid" v="0"/><attr n="modPath" v="C:\WINDOWS\win32k.sys:2"/><attr n="base" v="F7697000"/><attr n="size" v="F000"/><attr n="entryPoint" v="FFFFFFFF"/><attr n="crc8" v="00F052D2C8E483E9"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1012,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1012"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" 
v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D0596824528FEA"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1012,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1012"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D0596824528FEA"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1012,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1012"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D0596824528FEA"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" 
dispValue="1080,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1080"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D034D4EA5A55AC"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1080,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1080"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D034D4EA5A55AC"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1080,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1080"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" 
v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D034D4EA5A55AC"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="124,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="124"/><attr n="procPath" v="c:\Program Files\Grisoft\AVG Free\avgemc.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D06A26F2AD82C4"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="124,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="124"/><attr n="procPath" v="c:\Program Files\Grisoft\AVG Free\avgemc.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr 
n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D06A26F2AD82C4"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="124,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="124"/><attr n="procPath" v="c:\Program Files\Grisoft\AVG Free\avgemc.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D06A26F2AD82C4"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1276,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1276"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D089003E200D6A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace 
type="30" dispValue="1276,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1276"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D089003E200D6A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1276,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1276"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D089003E200D6A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1304,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr 
n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1304,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1304,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr 
n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1640,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1640,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace 
type="30" dispValue="1640,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="180,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="180"/><attr n="procPath" v="c:\program files\Bonjour\mdnsresponder.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="180,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="180"/><attr n="procPath" v="c:\program files\Bonjour\mdnsresponder.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr 
n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="180,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="180"/><attr n="procPath" v="c:\program files\Bonjour\mdnsresponder.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1828,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" 
v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1828,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="1828,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" 
v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="2612,gdi32.dll!GetBkColor[f7c71ab0.x86.dll!0x35672DDE]"><attr n="flags" v="9"/><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetBkColor"/><attr n="tgtFuncAddr" v="7F006B15"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DDE"/><attr n="codeLen" v="2"/><attr n="tgtCode" v="FFD2"/><attr n="rktCode" v="E8C4"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" dispValue="2612,gdi32.dll!GetTextExtentPointW[f7c71ab0.x86.dll!0x35672DC2]"><attr n="flags" v="9"/><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\gdi32.dll"/><attr n="tgtImgBase" v="7F000000"/><attr n="tgtImgSize" v="42000"/><attr n="tgtFuncName" v="GetTextExtentPointW"/><attr n="tgtFuncAddr" v="7F00731C"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672DC2"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="4C03DAEBE6558B"/><attr n="rktCode" v="E8A1BA66B6EBF9"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="30" 
dispValue="2612,user32.dll!LoadMenuW[f7c71ab0.x86.dll!0x35672D96]"><attr n="flags" v="9"/><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="sectionName" v=".text"/><attr n="tgtModPath" v="c:\WINDOWS\SYSTEM32\user32.dll"/><attr n="tgtImgBase" v="77D40000"/><attr n="tgtImgSize" v="8D000"/><attr n="tgtFuncName" v="LoadMenuW"/><attr n="tgtFuncAddr" v="77D51668"/><attr n="rktModPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="rktImgBase" v="35670000"/><attr n="rktImgSize" v="D000"/><attr n="rktFuncName" v=""/><attr n="rktFuncAddr" v="35672D96"/><attr n="codeLen" v="7"/><attr n="tgtCode" v="25CC10D477558B"/><attr n="rktCode" v="E8291792BDEBF9"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1012,c:\WINDOWS\SYSTEM32\svchost.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1012"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D0596824528FEA"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1080,c:\WINDOWS\SYSTEM32\svchost.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1080"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D034D4EA5A55AC"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="124,c:\Program Files\Grisoft\AVG Free\avgemc.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="124"/><attr n="procPath" 
v="c:\Program Files\Grisoft\AVG Free\avgemc.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D06A26F2AD82C4"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1276,c:\WINDOWS\SYSTEM32\svchost.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1276"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D089003E200D6A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1304,c:\WINDOWS\SYSTEM32\svchost.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1304"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\svchost.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D03C662E3706BE"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1640,c:\WINDOWS\SYSTEM32\spoolsv.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1640"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\spoolsv.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D02C81C62E5A5C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="180,c:\program files\Bonjour\mdnsresponder.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="180"/><attr n="procPath" v="c:\program 
files\Bonjour\mdnsresponder.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D028A4F869A84A"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="1828,c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="1828"/><attr n="procPath" v="c:\program files\common files\Apple\mobile device support\bin\applemobiledeviceservice.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D0CAAAE181E466"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace><trace type="19" dispValue="2612,c:\viprerescue\viprerescuescanner.exe,\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"><attr n="pid" v="2612"/><attr n="procPath" v="c:\viprerescue\viprerescuescanner.exe"/><attr n="modPath" v="\\?\globalroot\device\__max++&gt;\f7c71ab0.x86.dll"/><attr n="base" v="35670000"/><attr n="size" v="D000"/><attr n="entryPoint" v="35673355"/><attr n="crc8" v="00D0BD699716771C"/><attr n="md5" v="082C6997B595B156696CDD6693D7331A"/><attr n="detectionType" v="9"/></trace></traces></threat><threat id="4324079" name="Trojan-Downloader.Win32.Pacoheir.A" level="2" category="Trojan Downloader" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. 
A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\net.net"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\net.net"/><attr n="fileSize" v="37257"/><attr n="crc8" v="89913747C7D5CD11"/><attr n="md5" v="0F977372AFB1B30F50F3576C08855B67"/><attr n="detectionType" v="11"/></trace></traces></threat><threat id="4324090" name="VirTool.Win32.DelfInject" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="2" dispValue="1584, c:\WINDOWS\SYSTEM32\DRIVERS\smss.exe"><attr n="pid" v="1584"/><attr n="procPath" v="c:\WINDOWS\SYSTEM32\DRIVERS\smss.exe"/><attr n="crc8" v="00AA6DB60F0C5128"/><attr n="md5" v="92B0B0C4887D4F424E5816049E73AF79"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4332905" name="Windows Police Pro (fs)" level="3" category="Rogue Security Program" type="Misc" quarantineId="" adviseType="3" canQuarantine="true" author="Innovagest2000" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL>gotothefile.com</authorURL><desc>A Rogue Security Program is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. 
Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often though exploits.</desc><threatAdviceDetails>This is an elevated risk and should be removed or quarantined as it may compromise your privacy and security, make unwanted changes to your computer's settings, and negatively impact your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\PROGRAM FILES\WINDOWS POLICE PRO\ANTI_files.exe"><attr n="path" v="C:\PROGRAM FILES\WINDOWS POLICE PRO\ANTI_files.exe"/><attr n="fileSize" v="2556324"/><attr n="md5" v="49ABCEA224233777E2ACBF7044F068D8"/></trace><trace type="5" dispValue="C:\PROGRAM FILES\WINDOWS POLICE PRO"><attr n="path" v="C:\PROGRAM FILES\WINDOWS POLICE PRO"/></trace></traces></threat><threat id="4362670" name="Trojan.Win32.FraudPack.tbi (v)" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="c:\WINDOWS\temp\a.exe"><attr n="path" v="c:\WINDOWS\temp\a.exe"/><attr n="fileSize" v="155136"/><attr n="crc8" v="005ED6DF14904D9E"/><attr n="md5" v="3A4090AE76D88BFA04EA2FF93707BC41"/><attr n="detectionType" v="4"/></trace><trace type="3" dispValue="HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\POPROCK -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v=".DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"/><attr n="valueType" v="-1"/><attr n="valueName" v="POPROCK"/></trace><trace type="3" dispValue="HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\POPROCK -1"><attr n="hive" v="HKEY_USERS"/><attr n="key" v="S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"/><attr n="valueType" v="-1"/><attr n="valueName" v="POPROCK"/></trace></traces></threat><threat id="4370339" name="Trojan.Win32.TDSS.amve" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\DRIVERS\SKYNETwerqoqxy.sys"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\DRIVERS\SKYNETwerqoqxy.sys"/><attr n="fileSize" v="70656"/><attr n="crc8" v="00143A179335FA0D"/><attr n="md5" v="0F6C6EE38847520768D0D306B8597FAC"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4370373" name="Trojan.Win32.Tdss.anuv" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\SKYNETkvoolpfj.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\SKYNETkvoolpfj.dll"/><attr n="fileSize" v="20480"/><attr n="crc8" v="0050CDDC3B952779"/><attr n="md5" v="4CF965D4727F0945BB974C39E859289E"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4370393" name="Trojan.Win32.Tdss.anus" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\SKYNETiqrdnbmm.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\SKYNETiqrdnbmm.dll"/><attr n="fileSize" v="44544"/><attr n="crc8" v="00AE2AF80E2BBDE1"/><attr n="md5" v="6DD292B69ADEE79F4A90FAED5091B2E7"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4382445" name="Trojan-Win32/Wimpixo.gen!A" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\temp\yxcklfrbst.exe"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\temp\yxcklfrbst.exe"/><attr n="fileSize" v="241152"/><attr n="crc8" v="00AE699CCDA8E08E"/><attr n="md5" v="B6E6C1B9D09D6D9CEDAED9B9E16E3C9D"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4388896" name="Backdoor.Win32.Agent.alhw" level="2" category="Backdoor" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. 
A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\6to4v32.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\6to4v32.dll"/><attr n="fileSize" v="61440"/><attr n="crc8" v="00F0760C8B7F43A7"/><attr n="md5" v="9D9279A33E4646F60E37E77BF02D1F2D"/><attr n="detectionType" v="1"/></trace><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\Iasv32.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\Iasv32.dll"/><attr n="fileSize" v="61440"/><attr n="crc8" v="00F0760C8B7F43A7"/><attr n="md5" v="9D9279A33E4646F60E37E77BF02D1F2D"/><attr n="detectionType" v="1"/></trace></traces></threat><threat id="4391874" name="Trojan.Win32.FraudPack.qav" level="2" category="Trojan" type="Malware" quarantineId="" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="-1"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. 
Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><traces><trace type="4" dispValue="C:\WINDOWS\SYSTEM32\msxml71.dll"><attr n="hidden" v="true"/><attr n="path" v="C:\WINDOWS\SYSTEM32\msxml71.dll"/><attr n="fileSize" v="208900"/><attr n="crc8" v="0430086A57C147CA"/><attr n="md5" v="01B35222295773ABB5AF78DB8ACDDBB2"/><attr n="detectionType" v="1"/></trace></traces></threat></threats></SBCSThreatEngineResults>



