Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Assistance required Please!Paypal Account hacked(Malware?)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Assistance required Please!Paypal Account hacked(Malware

Unread postby leroy69 » April 25th, 2012, 5:14 pm

GMER contd

764D9F3A 5 Bytes JMP 00CA01F8
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 00CA03FC
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 002603FC
.text C:\Windows\system32\rundll32.exe[1400] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[1400] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[1400] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00070600
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000801F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!SetUnhandledExceptionFilter 76C1A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 001A0600
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 001A0804
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 001A0A08
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001A01F8
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001A03FC
.text C:\Windows\system32\taskeng.exe[2028] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2028] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2044] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[2144] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2144] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2144] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00170600
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00180600
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00180804
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2492] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\SearchIndexer.exe[2576] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2576] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[2652] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2652] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2652] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001701F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001501F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001503FC
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001903FC
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00190600
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00191014
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00190804
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00190A08
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00190C0C
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00190E10
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001901F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 001A0600
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 001A0804
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 001A0A08
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001A01F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3700] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00B70002
IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00B70000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
leroy69
Active Member
 
Posts: 10
Joined: April 19th, 2012, 1:25 pm
Advertisement
Register to Remove

Re: Assistance required Please!Paypal Account hacked(Malware

Unread postby deltalima » April 25th, 2012, 5:28 pm

Hi leroy69,

Have you any idea how someone could have got our paypal account details if not through spyware/malware?


There are various posibilities, have you ever logged into paypal from another computer that may have been compromised?

Have you ever told anyone else your password? Is it a password that could be guessed?

The best thing to do is to change your password to one using a mixture of random letters and numbers and never tell anyone the password. Also do not use the same password for any other account.

As you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Assistance required Please!Paypal Account hacked(Malware

Unread postby deltalima » April 26th, 2012, 1:47 pm

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 88 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware