MalwareRemoval.com: Malware Removal Instructions forum

Need help with virus removal plz
Post by Danica10 » September 24th, 2011, 2:27 pm

I had been getting Mailer-Daemon delivery failure messages in my inbox. Last night and this morning I ran scans with different scanners: the first came up with the Trj\hupigon.BDH virus and the 2nd came up with Heur.Backdoor.Win32.Gen (can't remember this one exactly). Panda deleted the hupigon and Kaspersky quarantined the other. I have no idea if my problems are fixed and would greatly appreciate any help with this.

Thank You
Danica

The DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Danica at 13:15:24 on 2011-09-24
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Danica\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\danica\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2012\Inicio.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3DC313E9-2D52-44EC-9BEE-6F51A5108E0F} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danica\appdata\roaming\mozilla\firefox\profiles\66snorsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch ... b.dns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\supportsoft\bin\nptgctlsi.dll
FF - plugin: c:\program files\common files\supportsoft\bin\nptgctlsr.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\danica\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? AESTFilters;Andrea ST Filters Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? iaNvStor;Intel(R) Turbo Memory Controller
R? MatSvc;Microsoft Automated Troubleshooting Service
R? McProxy;McAfee Proxy Service
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
R? SBAMSvc;VIPRE Antivirus
R? SBRE;SBRE
S? AdobeARMservice;Adobe Acrobat Update Service
S? AmFSM;AmFSM
S? AvFlt;Antivirus Filter Driver
S? FontCache;Windows Font Cache Service
S? Panda Software Controller;Panda Software Controller
S? pavboot;Panda boot driver
S? PAVFNSVR;Panda Function Service
S? PavProc;Panda Process Protection Driver
S? PavPrSrv;Panda Process Protection Service
S? PavSRK.sys;PavSRK.sys
S? PAVSRV;Panda On-Access Anti-Malware Service
S? PavTPK.sys;PavTPK.sys
S? PskSvcRetail;Panda PSK service
S? sbapifs;sbapifs
S? SBPIMSvc;SB Recovery Service
S? SbTis;SbTis
S? ShldDrv;Panda File Shield Driver
.
=============== Created Last 30 ================
.
2011-09-24 17:54:50 388096 ----a-r- c:\users\danica\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-24 17:54:49 -------- d-----w- c:\program files\Trend Micro
2011-09-24 15:26:46 -------- d-----w- c:\users\danica\appdata\local\CrashDumps
2011-09-24 00:48:28 -------- d-----w- c:\users\danica\appdata\local\Panda Security
2011-09-24 00:47:25 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-09-24 00:45:51 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2011-09-24 00:45:51 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2011-09-24 00:45:51 -------- d-----w- c:\program files\common files\Panda Security
2011-09-23 22:11:44 -------- d-----w- c:\programdata\Trymedia
2011-09-23 22:09:12 -------- d-----w- C:\GameHouse Games
2011-09-23 22:08:42 -------- d-----w- c:\program files\RealArcade
2011-09-22 22:23:32 -------- d-----w- c:\users\danica\appdata\roaming\AVG
2011-09-21 23:03:37 -------- d-----w- c:\users\danica\appdata\roaming\Sunbelt
2011-09-21 23:03:31 -------- d-----w- c:\programdata\Sunbelt
2011-09-21 22:55:56 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-09-21 22:55:51 -------- d-----w- c:\program files\Sunbelt Software
2011-09-17 00:21:50 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-09-16 22:42:55 -------- d-----w- c:\users\danica\appdata\local\NPE
2011-09-16 22:42:55 -------- d-----w- c:\programdata\Norton
2011-09-09 01:20:49 -------- d-----w- c:\program files\common files\supportsoft
2011-09-09 01:20:49 -------- d-----w- c:\program files\ATTSA
2011-09-09 01:20:17 -------- d-----w- c:\program files\TESTRM
2011-09-06 17:30:42 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-08-29 22:36:34 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 22:36:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
==================== Find3M ====================
.
2011-09-24 07:18:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 13:22:37 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
.
============= FINISH: 13:15:41.84 ===============



.
==== Installed Programs ======================
.
7-Zip 4.65
Accidental Damage Services Agreement
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
Advanced Video FX Engine
ASPCA Tri Reminder by We-Care.com v4.0.10.5
AT&T Quick Fix Client
AT&T Service & Support Tool
att.net Internet Mail
Banctec Service Agreement
CCleaner
D3DX10
Dell Driver Download Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Fingerprint Reader Suite 5.6
Flickr Uploadr 3.2.1
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
IrfanView (remove only)
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Mahjongg Dimensions Deluxe - Tiles in Time
Marvell Miniport Driver
mCore
mDriver
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mMHouse
Mozilla Firefox 6.0.2 (x86 en-US)
mPfMgr
MSVCRT
mWMI
NVIDIA 3D Vision Driver 260.99
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
OutlookAddinSetup
Panda ActiveScan 2.0
Panda Antivirus Pro 2012
Panda Secure Vault 5
Phoenix Viewer 1.5.2.908 SSE2
QuickSet
Realtek High Definition Audio Driver
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Skype™ 5.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIPRE Antivirus
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! Messenger
.
==== End Of File ===========================
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm
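A helper reading the DDS log above (and the OTL log posted later in this thread) is doing a handful of checks by eye: Winlogon Notify entries that name a DLL without a path, BHOs living under ProgramData or AppData, toolbars and services whose file no longer exists, and LSA Notification Packages beyond the Windows default. The script below is an added example by the editor, not a MalwareRemoval.com tool and not something Danica10 or Gary R posted; it runs those checks over lines copied from the logs in this thread. The finding kinds, the severities and the list of user-writable directories are the editor's assumptions, not a forum standard. A hit means "verify", not "infected": the per-user Google Update entry and the fingerprint reader's password filter both trigger, and both are expected on this machine given the installed programs list.

```python
"""Triage helper for DDS / OTL style logs (added example, not a MalwareRemoval.com tool).

Checks applied to each line:
  * Winlogon Notify DLLs given without a path (resolved through the DLL search order)
  * BHOs and Run entries that live in user-writable locations (ProgramData, AppData, Temp)
  * toolbar / service entries whose file is missing (orphans left behind by uninstalls)
  * LSA Notification Packages beyond the Windows default (scecli)
Every hit is something to verify by hand, not proof of infection.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

NOTIFY_RE = re.compile(r"^Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.+)$", re.I)
BHO_RE = re.compile(r"^BHO:\s+(?P<desc>.*?):\s+\{(?P<clsid>[0-9a-f-]{36})\}\s+-\s+(?P<path>.+)$", re.I)
TB_RE = re.compile(r"^TB:\s+\{[0-9a-f-]{36}\}\s+-\s+No File$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$", re.I)
LSA_RE = re.compile(r"^LSA:\s+Notification Packages\s*=\s*(?P<pkgs>.+)$", re.I)
OTL_SRV_RE = re.compile(r"^SRV\s+-\s+File not found\s+\[[^\]]*\]\s+--\s+--\s+\((?P<name>[^)]+)\)", re.I)

# Assumed list: directories an unprivileged user (or a dropper running as that user) can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
DEFAULT_LSA_PACKAGES = {"scecli"}  # the only package present on a stock Windows install


@dataclass
class Finding:
    kind: str       # short machine-readable tag (assumed vocabulary)
    severity: str   # "check" = verify by hand, "info" = usually benign, "fix" = clean up
    line: str       # the log line that triggered the finding
    reason: str


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Run every check over each line; findings come back in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := NOTIFY_RE.match(line):
            if "\\" not in m.group("path"):
                findings.append(Finding("notify-no-path", "check", line,
                    "Winlogon Notify DLL listed without a path; confirm which file the loader resolves and who signed it"))
        elif m := BHO_RE.match(line):
            if in_user_writable(m.group("path")):
                findings.append(Finding("bho-user-writable", "check", line,
                    "browser helper object loaded from a user-writable directory"))
        elif TB_RE.match(line):
            findings.append(Finding("orphan-toolbar", "fix", line,
                "toolbar CLSID registered but its file is gone; remove the registry entry"))
        elif m := RUN_RE.match(line):
            if in_user_writable(m.group("cmd")):
                findings.append(Finding("run-user-profile", "info", line,
                    "startup entry runs from the user profile; common for per-user updaters, verify the binary"))
        elif m := LSA_RE.match(line):
            extras = [p for p in m.group("pkgs").split() if p.lower() not in DEFAULT_LSA_PACKAGES]
            if extras:
                findings.append(Finding("lsa-extra-package", "check", line,
                    "non-default LSA notification package(s) " + ", ".join(extras)
                    + " see every password change; identify the owning product"))
        elif m := OTL_SRV_RE.match(line):
            findings.append(Finding("orphan-service", "fix", line,
                "service " + m.group("name") + " is registered but its image is missing; leftover from an uninstall"))
    return findings


# Sample input: lines copied from the DDS and OTL logs posted in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\danica\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}")
```

Run it against a full DDS or OTL log by passing the file contents to `triage()`; on the sample it reports seven findings, two of which (the WeCareReminder BHO under ProgramData and the path-less `avldr` Notify entry) are the ones a helper would chase first, while the orphaned `nvsvc` and `McProxy` services are plain leftovers to clear.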

Re: Need help with virus removal plz

Post by Gary R » September 27th, 2011, 4:00 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need help with virus removal plz

Post by Gary R » September 27th, 2011, 4:04 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless I am informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Danica10

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


DDS seems to have had problems "reading" your machine, since several items seem to be missing, or carrying incomplete information.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that all the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • GMER log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

DO NOT edit the logs in any way whatsoever. I need to see all the information they contain; if I believe any of them have been edited I will close this topic.

Re: Need help with virus removal plz

Post by Danica10 » September 27th, 2011, 5:53 pm

Hi there Gary R. Thank you for responding.
Here are those logs:

OTL log:

OTL logfile created on: 9/27/2011 6:31:13 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Danica\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 69.98% Memory free
7.18 Gb Paging File | 6.23 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.20 Gb Total Space | 402.74 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.21 Gb Free Space | 61.37% Space Free | Partition Type: NTFS

Computer Name: DANICA-PC | User Name: Danica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 06:27:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Danica\Desktop\OTL.exe
PRC - [2011/09/07 18:57:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/08/28 00:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/24 02:18:02 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/07 18:57:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (EvtEng) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (AESTFilters)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/06 12:29:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/29 17:36:34 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/29 17:36:34 | 000,074,456 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/16 09:26:29 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
DRV - [2010/07/27 04:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 04:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/09 23:38:50 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/05/09 23:38:50 | 000,110,608 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/05/09 23:38:50 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/05/09 23:38:50 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/17 02:37:06 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/10/23 00:45:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/10/23 00:45:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/23 00:45:54 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/12/02 13:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 07:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/07/13 07:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Danica\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Danica\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/24 17:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 18:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 02:13:39 | 000,000,000 | ---D | M]

[2010/12/13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danica\AppData\Roaming\Mozilla\Extensions
[2010/12/13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danica\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2011/09/22 17:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions
[2011/01/11 18:15:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/18 20:02:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/02 19:05:07 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbarv) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions\ALone-live@ya.ru
[2011/09/07 18:57:51 | 000,000,000 | ---D | M] (CuteButtons - Crystal SVG) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions\CuteButtonsCrystalSVG@ChoGGi
[2011/07/13 06:24:43 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Danica\AppData\Roaming\Mozilla\Firefox\Profiles\66snorsd.default\extensions\wecarereminder@bryan
[2011/09/24 11:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 07:35:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 23:23:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/09 09:49:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/07 18:57:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Danica\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Danica\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Danica\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: avast! WebRep = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: We-Care Reminder = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.18_0\
CHR - Extension: We-Care Reminder = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.18_0\.bak
CHR - Extension: Poppit = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Late Night = C:\Users\Danica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC313E9-2D52-44EC-9BEE-6F51A5108E0F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 06:27:46 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Danica\Desktop\OTL.exe
[2011/09/27 06:23:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/27 06:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/27 06:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/27 06:18:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Danica\Desktop\erunt-setup.exe
[2011/09/25 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Local\Microsoft Games
[2011/09/24 17:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/24 17:48:43 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/24 17:48:43 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/24 17:48:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/24 17:48:41 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/24 17:48:41 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/24 17:48:40 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/24 17:48:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/24 17:48:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/24 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\Danica\.VirtualBox
[2011/09/24 17:14:36 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panda Safe Browser
[2011/09/24 17:14:32 | 000,123,856 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2011/09/24 17:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sun VirtualBox
[2011/09/24 17:05:26 | 000,041,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2011/09/24 17:05:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/09/24 17:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/09/24 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\Arkadium
[2011/09/24 13:14:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Danica\Desktop\dds.scr
[2011/09/24 12:54:50 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/24 12:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/24 10:26:46 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Local\CrashDumps
[2011/09/24 02:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/24 02:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/24 02:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/09/23 19:47:25 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/09/23 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/09/23 19:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/09/23 17:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/09/23 17:09:12 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2011/09/23 17:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
[2011/09/23 17:08:46 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\WinRAR
[2011/09/23 17:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2011/09/22 17:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
[2011/09/22 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\AVG
[2011/09/21 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Roaming\Sunbelt
[2011/09/21 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/09/21 17:55:56 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2011/09/21 17:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/09/16 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\Danica\AppData\Local\NPE
[2011/09/16 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/09/08 20:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/09/08 20:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATTSA
[2011/09/08 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\TESTRM
[2011/09/06 12:30:42 | 000,042,832 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/08/29 17:36:34 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/29 17:36:34 | 000,074,456 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys

========== Files - Modified Within 30 Days ==========

[2011/09/27 06:31:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1089451973-958431364-2657113909-1000UA.job
[2011/09/27 06:31:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1089451973-958431364-2657113909-1000Core.job
[2011/09/27 06:27:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Danica\Desktop\OTL.exe
[2011/09/27 06:22:14 | 000,000,716 | ---- | M] () -- C:\Users\Danica\Desktop\ERUNT.lnk
[2011/09/27 06:18:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Danica\Desktop\erunt-setup.exe
[2011/09/27 06:14:50 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/27 06:14:50 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/27 06:09:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 06:09:05 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/09/27 06:09:03 | 000,007,916 | ---- | M] () -- C:\Users\Danica\AppData\Local\d3d9caps.dat
[2011/09/27 06:09:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 06:09:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 06:08:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 23:03:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 19:36:55 | 000,105,507 | ---- | M] () -- C:\Users\Danica\Desktop\connection.jpg
[2011/09/24 19:29:27 | 000,158,923 | ---- | M] () -- C:\Users\Danica\Desktop\Untitled.jpg
[2011/09/24 17:48:44 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/24 17:48:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/24 17:14:36 | 000,001,095 | ---- | M] () -- C:\Users\Danica\Desktop\Panda Safe Browser.lnk
[2011/09/24 17:08:56 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Sun VirtualBox.lnk
[2011/09/24 13:14:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Danica\Desktop\dds.scr
[2011/09/24 12:58:39 | 000,002,525 | ---- | M] () -- C:\Users\Danica\Desktop\HiJackThis.lnk
[2011/09/24 03:17:41 | 000,001,617 | ---- | M] () -- C:\Users\Danica\Desktop\Safe Run for Websites.lnk
[2011/09/24 02:56:06 | 000,017,408 | ---- | M] () -- C:\Users\Danica\AppData\Local\WebpageIcons.db
[2011/09/24 02:18:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/24 02:13:39 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/23 19:56:16 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/09/23 17:11:43 | 000,000,967 | ---- | M] () -- C:\Users\Danica\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 17:09:08 | 000,000,137 | ---- | M] () -- C:\Users\Danica\Desktop\More Games at GameHouse.com.url
[2011/09/22 17:27:33 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2011/09/20 20:32:16 | 000,002,049 | ---- | M] () -- C:\Users\Danica\Desktop\Google Chrome.lnk
[2011/09/20 20:32:16 | 000,002,011 | ---- | M] () -- C:\Users\Danica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/06 12:30:42 | 000,042,832 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/08/31 19:31:39 | 000,000,945 | ---- | M] () -- C:\Users\Danica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/29 17:36:34 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/29 17:36:34 | 000,074,456 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys

========== Files Created - No Company Name ==========

[2011/09/27 06:22:14 | 000,000,716 | ---- | C] () -- C:\Users\Danica\Desktop\ERUNT.lnk
[2011/09/24 19:36:55 | 000,105,507 | ---- | C] () -- C:\Users\Danica\Desktop\connection.jpg
[2011/09/24 19:29:27 | 000,158,923 | ---- | C] () -- C:\Users\Danica\Desktop\Untitled.jpg
[2011/09/24 17:48:44 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/24 17:14:36 | 000,001,095 | ---- | C] () -- C:\Users\Danica\Desktop\Panda Safe Browser.lnk
[2011/09/24 17:08:56 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Sun VirtualBox.lnk
[2011/09/24 12:54:50 | 000,002,525 | ---- | C] () -- C:\Users\Danica\Desktop\HiJackThis.lnk
[2011/09/24 03:17:41 | 000,001,617 | ---- | C] () -- C:\Users\Danica\Desktop\Safe Run for Websites.lnk
[2011/09/24 02:56:04 | 000,017,408 | ---- | C] () -- C:\Users\Danica\AppData\Local\WebpageIcons.db
[2011/09/24 02:13:39 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/24 02:13:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/23 19:56:16 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/09/23 17:11:43 | 000,000,967 | ---- | C] () -- C:\Users\Danica\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/09/23 17:09:08 | 000,000,137 | ---- | C] () -- C:\Users\Danica\Desktop\More Games at GameHouse.com.url
[2011/09/22 17:27:33 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2011/09/16 19:21:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/08/31 19:31:39 | 000,000,945 | ---- | C] () -- C:\Users\Danica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 02:27:33 | 000,007,916 | ---- | C] () -- C:\Users\Danica\AppData\Local\d3d9caps.dat
[2011/03/04 19:20:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/04 19:18:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/04 13:04:01 | 000,005,632 | ---- | C] () -- C:\Users\Danica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 10:05:22 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/04 03:11:42 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/12/03 00:02:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/02 19:12:08 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/12/01 19:07:03 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2009/04/11 13:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 11:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,230,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/24 15:40:13 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\Arkadium
[2011/09/22 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\AVG
[2010/12/13 08:07:09 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\Flickr
[2010/12/26 00:05:40 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\Imprudence
[2011/05/14 03:52:07 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\IObit
[2010/12/02 22:33:43 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\IrfanView
[2011/05/28 11:33:28 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\MP3Rocket
[2011/04/02 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\SecondLife
[2010/12/29 02:55:48 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\TeamViewer
[2011/03/17 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\TMP
[2011/03/04 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\Uniblue
[2011/05/16 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\Windows Live Writer
[2011/06/15 01:33:32 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/05/01 01:20:00 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/09/27 06:09:05 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/09/26 23:15:50 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
Danica10
Active Member
Posts: 10
Joined: September 24th, 2011, 2:08 pm

Re: Need help with virus removal plz

Unread postby Danica10 » September 27th, 2011, 5:55 pm

Extras log

OTL Extras logfile created on: 9/27/2011 6:31:13 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Danica\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 69.98% Memory free
7.18 Gb Paging File | 6.23 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.20 Gb Total Space | 402.74 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.21 Gb Free Space | 61.37% Space Free | Partition Type: NTFS

Computer Name: DANICA-PC | User Name: Danica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9281FD77-8BBD-4BEE-A14F-89E3D9AE72D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C869D092-FE4E-473E-822A-278C71F413E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0459E9EE-C36C-4F2D-90D5-68D29416F744}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{1EA9A58A-B770-4181-A029-37436DA3A221}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{451F5EB2-D84F-49AB-BE8B-1151A99DC251}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5223732B-B907-47CC-99C9-5AE60E916E91}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{78A97860-43E2-4FD9-8FC4-AB66E004BC86}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7B863886-A688-4DB0-A9B3-9283FF2708CF}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{866DD436-561A-413D-ADDB-2A2C8787DD50}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8EF1AFCB-3874-4805-8BA9-3EAC3CF99E4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9CC399F4-D7F8-49EE-8579-93B6D3949DAD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE3BD402-27AB-4A90-AC75-D15F9E531841}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B0CE3079-B498-40B1-AB34-27144B059A52}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{B74A8CF0-959D-41E9-9AF5-37A12E5075CA}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{F67FFCC0-7DE0-4265-ACB8-F06DCCAC97E2}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{F7F15742-E90A-4934-9522-38DA6EBAA803}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"TCP Query User{0175B5AF-EAEB-4A80-8B3A-C99F57BC52A1}C:\users\danica\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\danica\appdata\local\google\update\googleupdate.exe |
"TCP Query User{141B51DC-63C8-4899-B0BE-C9BF1159FC8D}C:\programdata\yahoo!\yupdater\yupdater.exe" = protocol=6 | dir=in | app=c:\programdata\yahoo!\yupdater\yupdater.exe |
"TCP Query User{22788AD3-1950-4234-81E4-A34DBD02E827}C:\program files\ask.com\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\ask.com\updater\updater.exe |
"TCP Query User{299FA616-6347-4C3F-B9A2-48C73313D2FF}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{2C01DABD-2D43-4A48-84A3-B98EB4F0B7C1}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{3AE04621-AB12-4BA1-B399-C8008629EDE9}C:\users\danica\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\danica\appdata\local\google\update\googleupdate.exe |
"TCP Query User{47F4A9D7-4C14-44AE-A923-21F9F518CE34}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{5C14B5E2-93A9-4F8C-B68C-4615F3401165}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"TCP Query User{675EF05D-AD34-4A22-9895-E1A2DFF7D538}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{681FDA86-71D1-41A2-91E9-D5E4D429F102}C:\windows\system32\macromed\flash\flashutil10s_plugin.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10s_plugin.exe |
"TCP Query User{6A534F02-49E3-4C36-8E12-27DD715E435B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{86CB170A-396B-4D21-8AAB-0369E8F1E7F4}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{87FEB223-C6E0-4FC3-853B-EB16CC2F6390}C:\program files\ask.com\updatetask.exe" = protocol=6 | dir=in | app=c:\program files\ask.com\updatetask.exe |
"TCP Query User{A3EB2119-A318-4267-A916-E5920A661A31}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{A736E06F-8BB7-4E64-8D33-B366924A5415}C:\program files\ask.com\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\ask.com\updater\updater.exe |
"TCP Query User{B03A7232-1E36-4DC3-84CA-EA635381C6E9}C:\windows\system32\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\dllhost.exe |
"TCP Query User{BFE4ACFE-92CF-4185-AD15-8DA87FD17E3E}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{C041B8B3-FE32-4A7A-BE49-3F1700324F0E}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{D04E7CEC-7CDB-4988-B8CA-DEA5EEDF1693}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"TCP Query User{DAC52F36-674B-4064-AD2D-750A16032177}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E92C9056-7F31-489D-9C03-05DAC7E5D5AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{EE58BDAB-604C-4174-A483-3CB56CE8DB3A}C:\program files\att-sst\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"UDP Query User{01D101B1-908D-4630-B8B5-C2D6E0D9D71F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{11A8E55E-3DFA-4D42-910E-8C6C97DEF6E7}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"UDP Query User{1AF05EB3-7C49-41F8-A0CD-BB7326587800}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1BACD5DD-E4AC-4D58-A3EC-9C55F90701EC}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{1C1808FA-178B-4C42-92E5-73D2B2C8D3A9}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{1CF50DC0-CB1F-4F3E-83DE-CA951E7EAADD}C:\program files\ask.com\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\ask.com\updater\updater.exe |
"UDP Query User{1F1EB8F7-33AB-4C36-9EDD-7D6DDB37E664}C:\users\danica\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\danica\appdata\local\google\update\googleupdate.exe |
"UDP Query User{33689518-2BE1-4958-8FC2-68F085B8B3F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{430AFB89-F605-460C-8C80-A73ADBC9E2A7}C:\program files\att-sst\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"UDP Query User{4AE94F93-56C4-4105-8DFD-95CEE249D8C2}C:\windows\system32\macromed\flash\flashutil10s_plugin.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10s_plugin.exe |
"UDP Query User{4C584EEC-50CD-4BE4-8CDF-7BD6DEF7C2D3}C:\program files\ask.com\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\ask.com\updater\updater.exe |
"UDP Query User{508FD8AA-730C-405B-8A94-82239817A5ED}C:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2012\apvxdwin.exe |
"UDP Query User{6DB72F28-FAEA-4293-A873-907F96030974}C:\programdata\yahoo!\yupdater\yupdater.exe" = protocol=17 | dir=in | app=c:\programdata\yahoo!\yupdater\yupdater.exe |
"UDP Query User{70D5AC7D-FA59-4FCC-A4DC-165CF16CEBEF}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"UDP Query User{7308EBC3-24F8-4C6E-B5CB-3824BADDC0CB}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{7DE662D5-CBB1-47FE-893D-82D673E79B0A}C:\windows\system32\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\dllhost.exe |
"UDP Query User{9427F5CF-D704-47EA-AF1D-E227919CC51B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{98EB5373-E8AC-41B5-A542-4E73B883D5DF}C:\users\danica\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\danica\appdata\local\google\update\googleupdate.exe |
"UDP Query User{B8BCFDFB-DD71-4B32-90D0-409D502C6117}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{D6D46C1F-8F9A-4B85-97AD-CF66623D7AAA}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{EE57AF31-95E5-4333-9485-9568A289F828}C:\program files\ask.com\updatetask.exe" = protocol=17 | dir=in | app=c:\program files\ask.com\updatetask.exe |
"UDP Query User{F7D7DFCF-FABF-44BD-8B45-458CE4733026}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09FC5831-DF65-40D0-A173-768F69B06CFD}" = Sun VirtualBox
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{117F771F-EA62-437B-AA3C-65F77B1E4C63}" = AT&T Quick Fix Client
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.908 SSE2
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{39F8E2BF-6868-483A-9AC1-7369C1905D7C}" = ASPCA Tri Reminder by We-Care.com v4.0.10.5
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4EE897E-B059-4084-B76D-37895B0F79F3}" = VIPRE Antivirus
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"am-mahjonggdimensionsdeluxetilesintime" = Mahjongg Dimensions Deluxe - Tiles in Time
"ATT-SST" = AT&T Service & Support Tool
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ERUNT_is1" = ERUNT 1.1j
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Panda Safe Browser" = Panda Safe Browser - Secured browser from Panda
"ProInst" = Intel(R) PROSet/Wireless Software
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1089451973-958431364-2657113909-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2011 6:30:25 PM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/23/2011 7:12:59 AM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/23/2011 5:58:13 PM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/23/2011 10:41:19 PM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/24/2011 3:45:11 AM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/24/2011 3:47:38 AM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/24/2011 11:21:31 AM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/24/2011 11:26:43 AM | Computer Name = Danica-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 14.0.835.186, time stamp
0x4e77dea9, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x00047333, process id 0x1520, application
start time 0x01cc7ace28ecfe25.

Error - 9/24/2011 11:30:44 AM | Computer Name = Danica-PC | Source = VSS | ID = 8194
Description =

Error - 9/24/2011 11:33:56 AM | Computer Name = Danica-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/26/2011 5:58:46 PM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/26/2011 5:58:46 PM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/27/2011 7:08:47 AM | Computer Name = Danica-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/27/2011 7:08:54 AM | Computer Name = Danica-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 7:10:43 AM | Computer Name = Danica-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm
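
The two firewall sections of the OTL log above (the "FirewallRules" port rules and the "Vista Active Application Exception List") are the part of that dump a helper reads first, because every line is an inbound allow and the ones named "TCP Query User{...}" or "UDP Query User{...}" were created when someone clicked Unblock on a Windows Firewall prompt. The following script is an added example written for this page, not code from the poster, from OTL or from MalwareRemoval.com. It parses OTL's printed format (`"<rule name>" = key=value | key=value | ... |`) and flags three things a practitioner would want to review: inbound allows bound to generic host binaries such as rundll32.exe, dllhost.exe and explorer.exe (any DLL or script those hosts are made to load inherits the allow), applications living under user-writable paths such as `c:\users\...\appdata` or `c:\programdata`, and rules with no protocol restriction at all. The lists of generic hosts and user-writable locations are the editor's triage assumptions, not something OTL or Windows defines, and the sample input is a handful of rule lines copied from the log above. A flagged rule is a review item, not evidence of infection on its own; the same prompts appear for legitimate software.

```python
"""Triage the Windows Firewall exception rules that OTL dumps.

OTL prints each value under the FirewallRules registry key as

    "<rule name>" = key=value | key=value | ... |

Keys seen in the log above: protocol (6 = TCP, 17 = UDP), dir, app, lport, name.
Editor's example code; not part of OTL or of the original post.
"""
import re
from collections import Counter

# Sample input: rule lines copied verbatim from the OTL log above.
SAMPLE_RULES = r'''
"{9281FD77-8BBD-4BEE-A14F-89E3D9AE72D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{451F5EB2-D84F-49AB-BE8B-1151A99DC251}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0459E9EE-C36C-4F2D-90D5-68D29416F744}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{0175B5AF-EAEB-4A80-8B3A-C99F57BC52A1}C:\users\danica\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\danica\appdata\local\google\update\googleupdate.exe |
"TCP Query User{BFE4ACFE-92CF-4185-AD15-8DA87FD17E3E}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{B03A7232-1E36-4DC3-84CA-EA635381C6E9}C:\windows\system32\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\dllhost.exe |
"UDP Query User{33689518-2BE1-4958-8FC2-68F085B8B3F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{141B51DC-63C8-4899-B0BE-C9BF1159FC8D}C:\programdata\yahoo!\yupdater\yupdater.exe" = protocol=6 | dir=in | app=c:\programdata\yahoo!\yupdater\yupdater.exe |
'''

RULE_RE = re.compile(r'^"(?P<rule>[^"]*)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"6": "tcp", "17": "udp"}

# Editor's triage assumptions, not anything OTL or Windows defines:
# generic host binaries, where an inbound allow extends to whatever DLL or
# script they are made to load ...
GENERIC_HOSTS = {"rundll32.exe", "dllhost.exe", "explorer.exe", "svchost.exe",
                 "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
                 "cmd.exe", "powershell.exe"}
# ... and locations a standard user can write to, where the allowed binary
# can be replaced without touching the rule.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
USER_WRITABLE_PARTS = ("\\appdata\\", "\\temp\\")


def parse_rules(text):
    """Return one dict per rule line: 'rule' (the registry value name),
    every key=value field from the body, and 'user_created'."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank lines, section headers, registry key paths
        rule = {"rule": m.group("rule")}
        for field in m.group("body").split("|"):
            field = field.strip()
            if not field or "=" not in field:
                continue
            key, _, value = field.partition("=")
            rule[key.strip().lower()] = value.strip().lower()
        # "TCP Query User{...}" / "UDP Query User{...}" rules are the ones
        # Windows Firewall writes when the user clicks Unblock on a prompt.
        rule["user_created"] = "query user" in rule["rule"].lower()
        rules.append(rule)
    return rules


def triage(rule):
    """Return the reasons an inbound rule deserves review (empty = none)."""
    reasons = []
    if rule.get("dir") != "in":
        return reasons
    app = rule.get("app", "")
    exe = app.rsplit("\\", 1)[-1]
    if exe in GENERIC_HOSTS:
        reasons.append("inbound allow for generic host binary %s" % exe)
    if app.startswith(USER_WRITABLE_PREFIXES) or any(p in app for p in USER_WRITABLE_PARTS):
        reasons.append("application lives in a user-writable path")
    if "protocol" not in rule:
        reasons.append("no protocol restriction (all protocols)")
    return reasons


def flagged(text):
    """Map rule name -> reasons, for every rule with at least one finding."""
    out = {}
    for rule in parse_rules(text):
        reasons = triage(rule)
        if reasons:
            out[rule["rule"]] = reasons
    return out


def summarize(rules):
    """Count inbound allows per application and rules per protocol."""
    per_app = Counter(r.get("app", "<port rule>") for r in rules if r.get("dir") == "in")
    per_proto = Counter(PROTOCOLS.get(r.get("protocol"), "any") for r in rules)
    return per_app, per_proto


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_RULES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the full OTL section rather than the sample, the per-application counter also shows which binaries were unblocked more than once (duplicate "Query User" rules for the same path, as googleupdate.exe and wermgr.exe have above), which usually means repeated prompts rather than a single deliberate decision.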

Re: Need help with virus removal plz

Unread postby Danica10 » September 27th, 2011, 6:06 pm

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-27 07:52:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0
Running: sn3dpgxt.exe; Driver: C:\Users\Danica\AppData\Local\Temp\pwdirpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9041C374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9041E996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9041E9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9041EB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9041E8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9041EA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9041E940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9041EAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9041C398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9041C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9041C3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9041EEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9041CE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9041E9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9041EA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9041EB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9041E918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9041EA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9041E96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9041EADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9041CD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9041C3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9041C404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9041C1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9041C2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9041C2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9041C31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9041C428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90D319A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 820EC890 4 Bytes [74, C3, 41, 90] {JZ 0xffffffffffffffc5; INC ECX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1D1 820EC954 8 Bytes [96, E9, 41, 90, EE, E9, 41, ...] {XCHG ESI, EAX; JMP 0xffffffffe9ee9047; INC ECX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1DD 820EC960 4 Bytes [04, EB, 41, 90] {ADD AL, 0xeb; INC ECX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1F5 820EC978 4 Bytes [EC, E8, 41, 90]
.text ntkrnlpa.exe!KeSetEvent + 215 820EC998 8 Bytes JMP E9409041
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 822175C7 5 Bytes JMP 90D2D3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 822704F3 5 Bytes JMP 90D2EE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82279E18 4 Bytes CALL 9041D4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8227DA8C 4 Bytes CALL 9041D4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 822D1DAE 7 Bytes JMP 90D319AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001401F8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001403FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00160600
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00160804
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00160A08
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00170600
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00171014
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00170804
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00170A08
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00170C0C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00170E10
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[216] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[640] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\SYSTEM32\wininit.exe[692] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000301F8
.text C:\Windows\SYSTEM32\wininit.exe[692] ntdll.dll!LdrUnloadDll 779AB740 3 Bytes JMP 000303FC
.text C:\Windows\SYSTEM32\wininit.exe[692] ntdll.dll!LdrUnloadDll + 4 779AB744 1 Byte [88]
.text C:\Windows\SYSTEM32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000503FC
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00050600
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00051014
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00050804
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00050A08
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00050C0C
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00050E10
.text C:\Windows\SYSTEM32\wininit.exe[692] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000501F8
.text C:\Windows\SYSTEM32\wininit.exe[692] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00060600
.text C:\Windows\SYSTEM32\wininit.exe[692] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00060804
.text C:\Windows\SYSTEM32\wininit.exe[692] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00060A08
.text C:\Windows\SYSTEM32\wininit.exe[692] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000601F8
.text C:\Windows\SYSTEM32\wininit.exe[692] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[728] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[728] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[728] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00080600
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm

Re: Need help with virus removal plz

Unread postby Danica10 » September 27th, 2011, 6:06 pm

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2688] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[2688] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000F03FC
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001501F8
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001503FC
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!CreateServiceW 77B19EB4 5 Bytes JMP 002B03FC
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!DeleteService 77B1A07E 5 Bytes JMP 002B0600
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 002B1014
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 002B0804
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!ChangeServiceConfigW 77B56F81 5 Bytes JMP 002B0A08
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!ChangeServiceConfig2A 77B57099 5 Bytes JMP 002B0C0C
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 002B0E10
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] ADVAPI32.DLL!CreateServiceA 77B572A1 5 Bytes JMP 002B01F8
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] USER32.DLL!SetWindowsHookExA 76166322 5 Bytes JMP 002C0600
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] USER32.DLL!SetWindowsHookExW 761687AD 5 Bytes JMP 002C0804
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] USER32.DLL!UnhookWindowsHookEx 761698DB 5 Bytes JMP 002C0A08
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] USER32.DLL!SetWinEventHook 76169F3A 5 Bytes JMP 002C01F8
.text C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe[2920] USER32.DLL!UnhookWinEvent 7616C06F 5 Bytes JMP 002C03FC
.text C:\Windows\system32\svchost.exe[2964] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2964] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2964] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2964] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000B01F8
.text C:\Users\Danica\Desktop\sn3dpgxt.exe[3136] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3376] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3376] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3376] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[3376] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3432] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 000D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 000D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 000D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3492] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000D03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] USER32.dll!UnhookWindowsHookEx 761698DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3592] USER32.dll!UnhookWinEvent 7616C06F 5 Bytes JMP 000803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWindowsHookEx 761698DB 3 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWindowsHookEx + 4 761698DF 1 Byte [8A]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWinEvent 7616C06F 3 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWinEvent + 4 7616C073 1 Byte [8A]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 001801F8
.text C:\Program Files\DellTPad\HidFind.exe[4016] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\HidFind.exe[4016] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\HidFind.exe[4016] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!UnhookWindowsHookEx 761698DB 3 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!UnhookWindowsHookEx + 4 761698DF 1 Byte [8A]
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!UnhookWinEvent 7616C06F 3 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\HidFind.exe[4016] USER32.dll!UnhookWinEvent + 4 7616C073 1 Byte [8A]
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\HidFind.exe[4016] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 001801F8
.text C:\Program Files\DellTPad\Apntex.exe[4024] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\Apntex.exe[4024] ntdll.dll!LdrUnloadDll 779AB740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\Apntex.exe[4024] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!SetWindowsHookExA 76166322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!SetWindowsHookExW 761687AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!UnhookWindowsHookEx 761698DB 3 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!UnhookWindowsHookEx + 4 761698DF 1 Byte [8A]
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!SetWinEventHook 76169F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!UnhookWinEvent 7616C06F 3 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\Apntex.exe[4024] USER32.dll!UnhookWinEvent + 4 7616C073 1 Byte [8A]
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!DeleteService 77B1A07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity 77B56CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!ChangeServiceConfigA 77B56DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!ChangeServiceConfigW 77B56F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!ChangeServiceConfig2A 77B57099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W 77B571E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\Apntex.exe[4024] ADVAPI32.dll!CreateServiceA 77B572A1 5 Bytes JMP 001801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[728] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00150002
IAT C:\Windows\system32\services.exe[728] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00150000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm
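The GMER "User code sections" listing above is long but very regular: the same exports (LdrLoadDll, the CreateService/ChangeServiceConfig family, SetWindowsHookEx and friends) are patched in almost every process, and for a given export the JMP targets differ only in their upper bits (every LdrLoadDll hook lands at xxxx01F8, every CreateServiceW hook at xxxx03FC, and so on). The script below is an added helper written for this thread, not part of GMER and not something the helper asked for; it parses those lines and checks that regularity per export, so a hook that does not fit the pattern stands out. The embedded lines are copied from the log above; ANOMALY_LINE is a constructed line, not from the log, used only to show how a non-conforming hook would be reported.

```python
"""Summarise GMER 'User code sections' hook lines by hooked export.

Added example for this thread, not part of GMER or of the helper's
instructions. It groups each hooked export across processes and reports
whether every process's trampoline lands at the same slot offset, which is
what one expects when a single user-mode hooking engine patched them all.
"""
import re
from collections import defaultdict

# One GMER user-section line looks like either
#   .text <path>[<pid>] <dll>!<export>[ + <off>] <addr> <n> Bytes JMP <target>
# or, for an in-place byte patch,
#   .text <path>[<pid>] <dll>!<export>[ + <off>] <addr> <n> Byte [<hex>]
HOOK_RE = re.compile(
    r"^\.text (?P<path>.+?)\[(?P<pid>\d+)\] "
    r"(?P<dll>[^!\s]+)!(?P<export>\S+)(?: \+ (?P<off>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? "
    r"(?:JMP (?P<target>[0-9A-Fa-f]{8})|\[(?P<bytes>[0-9A-Fa-f ]+)\])$"
)

# Lines copied from the GMER log posted above; a small subset is enough to
# exercise every line shape the parser handles. The trailing section header
# is there to show that non-hook lines are ignored.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2224] kernel32.dll!GetBinaryTypeW + 70 76602247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2472] ADVAPI32.dll!CreateServiceW 77B19EB4 5 Bytes JMP 000803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWindowsHookEx 761698DB 3 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3920] USER32.dll!UnhookWindowsHookEx + 4 761698DF 1 Byte [8A]
---- User IAT/EAT - GMER 1.0.15 ----
"""

# Constructed line (NOT from the log): same export, but a JMP target whose
# slot offset does not match the others, so the summary reports it as MIXED.
ANOMALY_LINE = r".text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 00C51234"


def parse_hooks(text):
    """Return one dict per parsed '.text' hook line; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "process": d["path"].rsplit("\\", 1)[-1],
            "pid": int(d["pid"]),
            "export": f"{d['dll'].lower()}!{d['export']}",
            "offset": int(d["off"], 16) if d["off"] else 0,
            "addr": int(d["addr"], 16),
            "size": int(d["size"]),
            "target": int(d["target"], 16) if d["target"] else None,
            "bytes": d["bytes"],
        })
    return hooks


def summarise(hooks):
    """Group JMP hooks by export: which PIDs are hooked, and whether the
    trampoline slot (low 16 bits of the JMP target) is identical in all of them."""
    by_export = defaultdict(list)
    for h in hooks:
        if h["target"] is not None:
            by_export[h["export"]].append(h)
    summary = {}
    for export, hs in by_export.items():
        slots = {h["target"] & 0xFFFF for h in hs}
        uniform = len(slots) == 1
        summary[export] = {
            "pids": sorted({h["pid"] for h in hs}),
            "uniform_slot": uniform,
            "slot": next(iter(slots)) if uniform else None,
        }
    return summary


def byte_patches(hooks):
    """Return (export, offset, hex bytes) for in-place patches that are not JMPs."""
    return [(h["export"], h["offset"], h["bytes"]) for h in hooks if h["target"] is None]


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG + ANOMALY_LINE + "\n")
    for export, info in sorted(summarise(parsed).items()):
        flag = "uniform" if info["uniform_slot"] else "MIXED"
        print(f"{export:<36} pids={info['pids']} slot={flag}")
    for export, off, b in byte_patches(parsed):
        print(f"byte patch: {export}+{off:#x} -> [{b}]")
```

A uniform slot offset for every hooked export says that one hooking engine placed all of them; it does not say which one. GMER's user-section listing shows the JMP target address but not the owner of that memory, so attributing the hooks to a particular product (or ruling a product out) still requires identifying the module or allocation the targets live in. An export reported as MIXED, or a byte patch that appears in only one process, is the kind of entry worth looking at first.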

Re: Need help with virus removal plz

Unread postby Gary R » September 28th, 2011, 4:30 am

No sign of any active infection on your machine so far, however there are a few issues that need attention.

First

Your logs show you have 2 anti-virus programs installed ....

avast! Free Antivirus
Panda Antivirus Pro 2012


This is a recipe for disaster, since they will conflict with each other and give you less, not more, protection.

You must choose which one you want to keep and uninstall the other using control panel > programs > uninstall a program

Reboot your computer when you've uninstalled the program of your choice.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
[2010/12/03 07:35:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 23:23:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll File not found
O3 - HKU\S-1-5-21-1089451973-958431364-2657113909-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
DRV - [2007/07/13 07:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/12/02 13:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 07:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
[2011/05/14 03:52:07 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\IObit
[2011/09/22 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Danica\AppData\Roaming\AVG
[2011/09/16 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

:Commands
[emptyflash]
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need help with virus removal plz

Unread postby Danica10 » September 28th, 2011, 8:02 pm

OTL log


All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1089451973-958431364-2657113909-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Error: Unable to stop service MPFP!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MPFP deleted successfully.
C:\Windows\System32\drivers\Mpfp.sys moved successfully.
Service mfesmfk stopped successfully!
Service mfesmfk deleted successfully!
C:\Windows\System32\drivers\mfesmfk.sys moved successfully.
Service mferkdk stopped successfully!
Service mferkdk deleted successfully!
C:\Windows\System32\drivers\mferkdk.sys moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\IObit SmartDefrag folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\SmartRAM folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\EmptyFolder folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit\Advanced SystemCare folder moved successfully.
C:\Users\Danica\AppData\Roaming\IObit folder moved successfully.
C:\Users\Danica\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Danica\AppData\Roaming\AVG folder moved successfully.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Danica
->Flash cache emptied: 6217 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Danica
->Temp folder emptied: 286246945 bytes
->Temporary Internet Files folder emptied: 1884779 bytes
->Java cache emptied: 412396 bytes
->FireFox cache emptied: 62034073 bytes
->Google Chrome cache emptied: 59151821 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 391292 bytes
RecycleBin emptied: 58948734 bytes

Total Files Cleaned = 447.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09282011_170843

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm

Re: Need help with virus removal plz

Unread postby Danica10 » September 28th, 2011, 8:03 pm

OTL log


Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm

Re: Need help with virus removal plz

Unread postby Danica10 » September 28th, 2011, 8:04 pm

ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=472f21287df0784c9299fa7849ba30f9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-28 11:54:12
# local_time=2011-09-28 06:54:12 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 24516845 24516845 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16774142 0 6 10036728 48790458 0 0
# compatibility_mode=5892 16776573 100 100 6995871 153857178 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=150864
# found=2
# cleaned=0
# scan_time=4402
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Danica\Downloads\PlayItAll-Setup-win32_2.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm

Re: Need help with virus removal plz

Unread postby Gary R » September 29th, 2011, 5:34 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll
C:\Users\Danica\Downloads\PlayItAll-Setup-win32_2.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now?
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need help with virus removal plz

Unread postby Danica10 » September 29th, 2011, 7:23 am

I haven't had any mailer-daemon delivery failure messages and my computer seems to be running normally. Thank you so much for taking the time to help me.
Danica

========== FILES ==========
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll moved successfully.
C:\Users\Danica\Downloads\PlayItAll-Setup-win32_2.exe moved successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 09292011_061813
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm
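
As an added example (not part of this thread, and not OTL's or ESET's own code), the script below parses the two log formats posted above: the OTL fix log ("... moved successfully.", "Registry key ... deleted successfully.", "Service ... stopped successfully!", "Error: ...", "HOSTS file reset successfully") and the ESET Online Scanner log ("# key=value" header lines followed by one detection per line: path, threat name, 32 hex characters, flag). It then cross-checks that every file ESET flagged shows up as moved in some later OTL fix, which is the question the :Files fix above answers. The sample logs are constructed excerpts of the lines in this thread; the detection parser accepts tabs or runs of spaces between fields, so it does not depend on which separator the original file used, and the regular expressions and the `Action` record are this example's own choices, not an OTL or ESET format specification.

```python
"""Parse the OTL fix-log and ESET Online Scanner log formats from this thread
and cross-check that every file ESET flagged was handled by a later OTL fix.
Added example, not OTL's or ESET's own code; samples are constructed excerpts."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the first OTL fix log posted in the thread.
OTL_LOG_FIRST_FIX = r"""
All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Error: Unable to stop service MPFP!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MPFP deleted successfully.
C:\Windows\System32\drivers\Mpfp.sys moved successfully.
Service mfesmfk stopped successfully!
Service mfesmfk deleted successfully!
C:\Windows\System32\drivers\mfesmfk.sys moved successfully.
HOSTS file reset successfully
"""
# Constructed excerpt of the second (:Files) fix log.
OTL_LOG_SECOND_FIX = r"""
========== FILES ==========
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll moved successfully.
C:\Users\Danica\Downloads\PlayItAll-Setup-win32_2.exe moved successfully.
"""
# Constructed excerpt of the ESET log: '# key=value' header, then one detection per
# line (path, threat, 32 hex chars, flag) separated by tabs or spaces.
ESET_LOG = r"""
# version=7
# scanned=150864
# found=2
# cleaned=0
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Danica\Downloads\PlayItAll-Setup-win32_2.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
"""

MOVED = re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
REGISTRY = re.compile(r"^Registry (?P<kind>key|value) (?P<target>.+?) (?P<result>deleted successfully|not found)\.$")
SERVICE = re.compile(r"^Service (?P<target>\S+) (?P<result>stopped|deleted) successfully!$")
ERROR = re.compile(r"^Error: (?P<target>.+)$")
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\w+/.+?)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$")

@dataclass(frozen=True)
class Action:
    kind: str    # "moved", "registry key", "registry value", "service", "error", "hosts"
    target: str  # path, registry path, service name, or the error message
    result: str  # "ok", "not found", "stopped", "deleted", "error"

def parse_otl(log):
    """One Action per OTL result line; banners and blank lines are skipped."""
    actions = []
    for line in (l.strip() for l in log.splitlines()):
        if m := MOVED.match(line):
            actions.append(Action("moved", m["target"], "ok"))
        elif m := REGISTRY.match(line):
            actions.append(Action("registry " + m["kind"], m["target"],
                                  "ok" if m["result"].startswith("deleted") else "not found"))
        elif m := SERVICE.match(line):
            actions.append(Action("service", m["target"], m["result"]))
        elif m := ERROR.match(line):
            actions.append(Action("error", m["target"], "error"))
        elif line == "HOSTS file reset successfully":
            actions.append(Action("hosts", r"C:\Windows\System32\drivers\etc\Hosts", "ok"))
    return actions

def summarize_otl(log):
    """Counts per (kind, result), plus the error messages OTL prints inline."""
    actions = parse_otl(log)
    return Counter((a.kind, a.result) for a in actions), [a.target for a in actions if a.kind == "error"]

def parse_eset(log):
    """Return (header dict, detection dicts). Repeated header keys keep their first value."""
    header, detections = {}, []
    for line in log.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)
        elif m := DETECTION.match(line):
            detections.append(m.groupdict())
    return header, detections

def unresolved_detections(eset_log, *otl_logs):
    """ESET-flagged paths no OTL log shows as moved (NTFS paths compare case-insensitively)."""
    moved = {a.target.lower() for log in otl_logs for a in parse_otl(log) if a.kind == "moved"}
    return [d["path"] for d in parse_eset(eset_log)[1] if d["path"].lower() not in moved]

if __name__ == "__main__":
    counts, errors = summarize_otl(OTL_LOG_FIRST_FIX)
    print(dict(counts), errors)
    print("unresolved after first fix:", unresolved_detections(ESET_LOG, OTL_LOG_FIRST_FIX))
    print("unresolved after both fixes:", unresolved_detections(ESET_LOG, OTL_LOG_FIRST_FIX, OTL_LOG_SECOND_FIX))
```

Run against the thread's own lines, the first fix leaves both ESET detections unresolved and the :Files fix clears them; the summary also surfaces the "Unable to stop service MPFP!" line, which is easy to miss in a long log even though the following lines show the service key deleted and the driver moved.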

Re: Need help with virus removal plz

Unread postby Gary R » September 29th, 2011, 8:47 am

Time for a little housekeeping then.

Let's clear out OTL and the files and folders it created. This will also remove GMER, except for the randomly named file on your desktop which you'll need to delete manually.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean-up procedure; click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need help with virus removal plz

Unread postby Danica10 » September 29th, 2011, 5:50 pm

My computer seems to be running fine. Thank you very much for your help.

Danica
Danica10
Active Member
 
Posts: 10
Joined: September 24th, 2011, 2:08 pm