Cyber Tech Help Support Forums > Software > Malware Removal

#1
April 16th, 2012, 02:52 PM
llanita
Member
Join Date: Feb 2007
Posts: 97
My laptop is taking forever to load pages.

Hi, I have a Dell Inspiron 1525 laptop with Windows Vista.
I don't know why my laptop is taking a long time to load pages. It also takes a good while when I first start it up in the mornings.
I have an HJT log; maybe you can help me and let me know what I can get rid of.
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:36 AM, on 4/16/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.notepad.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RegZooka Scheduler] C:\Program Files\RegZooka\RegZookaScheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 7575 bytes


#2
April 17th, 2012, 01:16 AM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,626
Hello llanita,

Some adware at least showing here. Let's check in more detail.

Before posting log files, please go to Format in Notepad and uncheck, then recheck, Word Wrap. That keeps it from breaking up logs the way this one was.



The system is Vista, so when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool.

To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide extensions for known file types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.


It's a lot, but it's comprehensive and will make sure we get a good view of everything.
#3
April 18th, 2012, 08:53 PM
llanita
Member
Join Date: Feb 2007
Posts: 97
OK, here are the logs for the first scan with OldTimer's OTL.

OTL logfile created on: 4/18/2012 9:38:59 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\shoshi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.15% Memory free
4.21 Gb Paging File | 2.97 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.86 Gb Total Space | 43.01 Gb Free Space | 32.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.53 Gb Free Space | 3.59% Space Free | Partition Type: NTFS

Computer Name: LAP | User Name: shoshi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 09:37:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\shoshi\Desktop\OTL.exe
PRC - [2012/03/16 16:44:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 16:51:33 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/03/16 16:44:17 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/09 16:00:13 | 000,968,704 | ---- | M] () -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/02/16 16:53:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 16:37:18 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/12 19:39:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008/10/13 14:17:24 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/13 16:51:33 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/21 08:50:46 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/21 08:50:43 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2003/09/06 08:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 07:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 07:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 07:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm002YYUS&ptb=Zrk4si5AvZppLg66hbfZXw&ind=2011012620&ptnrS=ZLxdm002YYUS&si=&n=77dd9e0c&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.notepad.com
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes,DefaultScope = {CEE3FC4A-7BD6-4E9D-9CF2-8729A2E30EF3}
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm002YYUS&ptb=Zrk4si5AvZppLg66hbfZXw&ind=2011012620&ptnrS=ZLxdm002YYUS&si=&n=77dd9e0c&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6B5410EF-491C-4CD9-AD01-38114B886E52}&mid=accf50fc0b3c47d196b8d16ae8ff2a3d-d4a4120061e5ccb5e86dbd7db8f2b427c8c9da2e&lang=en&ds=AVG&pr=fr&d=2011-11-22 10:42:25&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes\{CEE3FC4A-7BD6-4E9D-9CF2-8729A2E30EF3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\..\SearchScopes\{D7B280F4-86BF-460B-AE2C-D92047535630}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2092843724-655634709-2051809142-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.21.0.11
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B750bd007-a4eb-49c8-8930-2aed115c607e%7D&mid=accf50fc0b3c47d196b8d16ae8ff2a3d-d4a4120061e5ccb5e86dbd7db8f2b427c8c9da2e&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-22%2010%3A42%3A25&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\shoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/09 16:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 16:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 07:26:05 | 000,000,000 | ---D | M]

[2010/11/04 11:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Extensions
[2010/11/04 11:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/21 17:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions
[2011/07/30 18:38:54 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions\2020Player_WEB@2020Technologies.com
[2011/08/09 18:44:21 | 000,000,000 | ---D | M] (Logitech Device Detection) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions\DeviceDetection@logitech.com
[2011/09/03 08:21:29 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions\plugin@yontoo.com
[2012/03/21 17:16:38 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\shoshi\AppData\Roaming\Mozilla\Firefox\Profiles\taygf65z.default\extensions\support@lastpass.com
[2011/11/10 11:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 09:47:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/09 16:17:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\SHOSHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAYGF65Z.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\SHOSHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAYGF65Z.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI
() (No name found) -- C:\USERS\SHOSHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAYGF65Z.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/03/16 16:44:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/02/10 18:57:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/24 21:29:20 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/10 18:57:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RegZooka Scheduler] C:\Program Files\RegZooka\RegZookaScheduler.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7E85E0-0AF5-48D0-B8E8-62F3F0A814AF}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Resources\Themes\Aero Blue\wallpaper.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Resources\Themes\Aero Blue\wallpaper.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{d372fb13-1c2c-11e1-a25c-0023ae1bc3ce}\Shell - "" = AutoRun
O33 - MountPoints2\{d372fb13-1c2c-11e1-a25c-0023ae1bc3ce}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 09:37:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\shoshi\Desktop\OTL.exe
[2012/04/18 09:30:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/18 08:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/11 10:38:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 10:38:14 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 10:38:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 10:38:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 10:38:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 10:38:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 08:59:07 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 08:59:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/08 09:25:38 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 09:44:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\shoshi\Desktop\aswMBR.exe
[2012/04/18 09:37:58 | 000,302,592 | ---- | M] () -- C:\Users\shoshi\Desktop\l3emxbfr.exe
[2012/04/18 09:37:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\shoshi\Desktop\OTL.exe
[2012/04/18 09:36:51 | 000,002,485 | ---- | M] () -- C:\Users\shoshi\Desktop\HiJackThis.lnk
[2012/04/18 09:30:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/18 09:30:34 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/18 09:15:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 08:51:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 08:15:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 08:05:14 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:05:08 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 08:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 08:43:25 | 001,402,880 | ---- | M] () -- C:\Users\shoshi\Documents\HijackThis.msi
[2012/04/13 19:38:44 | 000,000,099 | ---- | M] () -- C:\Users\shoshi\Desktop\Kitchen Craft Recipe Guide.URL
[2012/04/13 16:51:33 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 16:51:33 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/11 08:55:12 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/11 08:55:12 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/03 08:58:29 | 000,069,720 | ---- | M] () -- C:\Users\shoshi\Desktop\BotRule.jpg
[2012/03/31 07:51:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/03/28 09:33:20 | 269,367,744 | ---- | M] () -- C:\Windows\MEMORY.DMP
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 09:37:58 | 000,302,592 | ---- | C] () -- C:\Users\shoshi\Desktop\l3emxbfr.exe
[2012/04/18 09:30:39 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/18 09:30:34 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/16 08:43:38 | 000,002,485 | ---- | C] () -- C:\Users\shoshi\Desktop\HiJackThis.lnk
[2012/04/16 08:38:27 | 001,402,880 | ---- | C] () -- C:\Users\shoshi\Documents\HijackThis.msi
[2012/04/13 19:38:44 | 000,000,099 | ---- | C] () -- C:\Users\shoshi\Desktop\Kitchen Craft Recipe Guide.URL
[2012/04/08 09:25:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 08:58:29 | 000,069,720 | ---- | C] () -- C:\Users\shoshi\Desktop\BotRule.jpg
[2012/03/04 11:02:03 | 000,173,917 | ---- | C] () -- C:\Windows\Leah's Tale Uninstaller.exe
[2012/03/02 21:19:56 | 000,173,728 | ---- | C] () -- C:\Windows\Ella's Hope Uninstaller.exe
[2011/11/07 22:05:24 | 000,000,000 | ---- | C] () -- C:\Windows\Captive.INI
[2011/10/29 20:38:10 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI
[2011/10/01 20:49:43 | 000,012,800 | ---- | C] () -- C:\Windows\sysutils.dll
[2011/09/01 09:39:03 | 000,000,297 | ---- | C] () -- C:\Users\shoshi\AppData\Roaming\Network Meter_Settings.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/08/09 17:49:41 | 000,000,094 | ---- | C] () -- C:\Users\shoshi\AppData\Local\fusioncache.dat
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/07/14 21:00:42 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI
[2011/07/05 23:43:53 | 000,000,000 | ---- | C] () -- C:\Users\shoshi\AppData\Local\{AD3915F9-36FA-42E1-BA04-E458AED2DCAB}
[2011/07/05 23:42:02 | 000,000,000 | ---- | C] () -- C:\Users\shoshi\AppData\Local\{2BFA1CD8-BED7-4139-A81C-5F58C0A614B7}
[2011/07/05 15:25:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/05 15:25:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/26 09:06:07 | 000,000,000 | ---- | C] () -- C:\Windows\Twister.INI
[2011/01/22 12:02:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2011/01/22 12:02:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2011/01/22 12:02:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2011/01/22 12:02:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2011/01/22 12:02:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2011/01/22 12:02:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2011/01/22 12:02:29 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2011/01/22 12:02:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2011/01/22 12:02:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2011/01/22 12:02:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2011/01/22 12:02:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2011/01/22 12:02:29 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2011/01/22 12:02:29 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2011/01/22 12:02:29 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2011/01/22 12:02:29 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2011/01/22 12:02:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2011/01/22 12:02:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2011/01/22 12:02:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2011/01/22 12:02:28 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2011/01/22 12:02:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2011/01/22 12:02:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2011/01/22 12:02:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2011/01/22 12:02:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2011/01/22 12:02:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2011/01/22 12:02:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2011/01/22 12:02:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010/06/25 21:03:11 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/31 20:55:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/14 07:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2010/05/07 19:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMPA18FD1D
@Alternate Data Stream - 684 bytes -> C:\Users\Public\Documents\Pool Pictures.eml:OECustomProperty
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:76987FE5
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:5D114334
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:A6B07419
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:5F7DD688
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:C9B27A06
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:B4F0E275
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:5C4A588B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:F5FC5DCE
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:664852B0
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:663B62CA
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:29C0641D
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:3AB8D21A
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:CAE2C3A5
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:2CED8825
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:A9ABA3FF
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:124322E4
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:9742C5DF
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:09161C63
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:C1308100
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:BB3CECA4
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:AFB24B00
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMPCA79AB3
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:3807D082
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP29191BC
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:14750D76
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:6514A833
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2DAD076E
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMPAB09BDB
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:1409277B
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:A267D091
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:19F08842
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:C66222F3
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:29B58DE5
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:9AC90CCA
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:49EF37B6
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:36B7CE4C
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:5F59E8EA
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:4A0EB22A
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:590253A0
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMPE6E76CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:2E5DF4FF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E99D1D3C
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:696F7DA7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FE54D9EC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP01ACC06
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:64170090
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5BBAFAAC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AEEC88F6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AC73CDCE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3CA74DCC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:000D6A25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:ED2998F5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:4F8B72C9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:211ED887

< End of report >
  #4  
Old April 18th, 2012, 08:54 PM
llanita llanita is offline
Member
 
Join Date: Feb 2007
Posts: 97
Here's Extra.Txt

OTL Extras logfile created on: 4/18/2012 9:38:59 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\shoshi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.15% Memory free
4.21 Gb Paging File | 2.97 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.86 Gb Total Space | 43.01 Gb Free Space | 32.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.53 Gb Free Space | 3.59% Space Free | Partition Type: NTFS

Computer Name: LAP | User Name: shoshi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2092843724-655634709-2051809142-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2092843724-655634709-2051809142-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FDA331-EBA3-4032-88D2-39011B931DBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A1F7A95-CA7C-46D8-B314-896ABA0D08FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1BD97B95-A82E-4F99-AA73-419DD14C9BE5}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C7A8ADD-C95D-4BBC-9451-F67C2BA0A4AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5EE43B58-6697-479D-BC3B-2EC24989F74A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6EE1C858-DBB9-42E6-8306-F4FD1D525655}" = lport=138 | protocol=17 | dir=in | app=system |
"{842B4039-42C8-46A2-99A8-5497A5E1E23F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{96ADB83A-901A-41C2-ADCD-07D74EC82EA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDDB107D-DAF5-4BBC-A746-AA3288869632}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5AA5BB8-C576-49A9-B628-0461EE24E222}" = lport=137 | protocol=17 | dir=in | app=system |
"{E5EB0B35-04BF-48DE-A856-8B22678D2363}" = lport=445 | protocol=6 | dir=in | app=system |
"{F022F8F5-8ED5-4852-AC7D-16F0C35ABCF7}" = lport=139 | protocol=6 | dir=in | app=system |
"{F183534D-B4F9-40C4-9804-CFEED305F573}" = rport=139 | protocol=6 | dir=out | app=system |
"{F2FEA659-16E9-45D1-9814-8BA8BA97010D}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007EBF78-BF89-41E4-BB42-5FCD5829D604}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{019DED3A-3CB7-45E5-A033-F9BDD4FAFE3B}" = protocol=6 | dir=in | app=c:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe |
"{167AC0F2-FB35-47A4-874B-D6AB1384109B}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{17CA93EE-8D92-467E-9E67-C339BA600821}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1AC51DA4-39F9-4372-83C3-BD4D508F597C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25935BBD-CA2F-4D49-B571-F834BD7D033F}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{2C656592-35F9-43A4-8D4B-BF2D401BE35C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31ECBBA0-C682-48B0-9DDB-3459828B66AD}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{35EA7C8B-A78B-4684-9219-F0DA675D5900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{407BBE82-FC13-413B-BFDF-D810D7480487}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4415B078-DDE9-4313-8E3B-2C462EFEAA2E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4704C264-2920-414E-BE44-626F08556062}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4770FA3A-89B9-4428-90EC-7E8A241F67F2}" = protocol=17 | dir=in | app=c:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe |
"{4A4760EC-E874-4A33-87FC-1EE282FEF034}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4F5B1547-A9A8-410D-8D6A-20B6E08567CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{54E6F558-04B9-40CF-AB30-F76FB57602E7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcxpswx.exe |
"{56FE5D06-BB37-48E2-8FA5-0B55B2F82E91}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6AAAE9C0-420B-47B1-AECA-1408FE3D79B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D2EB466-A662-48E9-B4E3-16383A2CC96A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{88195288-DC5D-4F2D-B382-CA616D27A11D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9532D725-CD1E-4E09-BA0B-CD66296CCFEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A44DE1B3-D47C-446E-92D9-BF6CACC9BF20}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF0B09E5-29E5-47CA-A524-10822E125D92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C1A541-F276-48E4-9AD7-F26A48A01F96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F861F1F7-56D3-4F6C-A3AC-FFDB4EE2986A}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{FF9BC975-A082-4B4C-BE86-5260BA980750}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcxpswx.exe |
"TCP Query User{09A3BE5D-5897-4E91-B245-7508D96C9B6E}C:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DE84A26D-4A88-49AF-B595-7BA148AED0FA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E5A708C6-DE97-4F4B-BB05-9AC62EEEA30A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2D851495-65E7-4F1E-8A13-8349700C824B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3795D9AA-740F-4552-A9A4-9A94F7E69DF8}C:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\shoshi\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8C1C881F-829A-4249-9BEB-4BB91B026B84}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{04588786-A0D1-44BA-84D6-7BB377DED8B9}_is1" = Vista Flip 3D Activator
"{076F8BD1-58FA-49A1-9CA1-31278D496338}" = Nancy Drew: The Captive Curse
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 23
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Fairy Treasure" = Fairy Treasure
"BFG-Fantastic Creations - House of Brass Survey" = Fantastic Creations: House of Brass Survey
"BFG-Hidden World" = Hidden World
"BFG-Island Tribe" = Island Tribe
"BFG-Island Tribe 2" = Island Tribe 2
"BFG-Nancy Drew - Shadow at the Water's Edge" = Nancy Drew: Shadow at the Water's Edge
"BFG-Pioneer Lands" = Pioneer Lands
"BFG-Rescue Frenzy" = Rescue Frenzy
"BFG-Roads of Rome" = Roads of Rome
"BFG-Roads of Rome III" = Roads of Rome III
"BFG-Royal Envoy" = Royal Envoy
"BFG-Royal Envoy 2" = Royal Envoy 2
"BFG-Surface - Mystery of Another World" = Surface: Mystery of Another World
"BFG-The Timebuilders - Caveman's Prophecy" = The Timebuilders: Caveman's Prophecy
"CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Dell Fax Solutions" = Fax Solutions
"Dell Support Center" = Dell Support Center
"Easy Uninstaller" = Easy Uninstaller
"Ella's Hope" = Ella's Hope
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Info Center_is1" = Info Center 1.0.0.6
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Basic)
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Leah's Tale" = Leah's Tale
"Logitech Resource Center" = Logitech Resource Center
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"Nancy Drew: Secrets Can Kill" = Nancy Drew: Secrets Can Kill
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RegiDean_is1" = Regi Dean's Recipes 3.3.4.1
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"The Black Mirror_is1" = The Black Mirror 1.0
"The Font Thing" = The Font Thing
"Update Notifier" = Update Notifier
"VistaGlazz_is1" = VistaGlazz 1.2
"What's Running_is1" = What's Running 2.2
"WildTangent CDA" = WildTangent Web Driver
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WTA-063ac76c-f188-4bac-9269-4614a456f3e2" = Rescue Team 2
"WTA-20564128-ead2-4c89-a86a-ba267dd4c5d2" = Mystery Stories: Mountains of Madness
"WTA-5066c5cb-c73c-43d1-baf1-3ce8e5b25245" = The Secret of Margrave Manor
"WTA-62f45e5d-9977-497c-b0c9-1bc05d47f99f" = Royal Envoy 2 Collector's Edition
"WTA-7f9a8849-a8d1-4975-b4eb-61af2071ff21" = Youda Mystery: The Stanwick Legacy
"WTA-960dfeeb-6ab1-4f91-89bc-b8ece35c3e74" = Lost Lagoon 2: Cursed and Forgotten
"WTA-a9bb44ee-2eb5-4e8e-865d-ac46b4d5139e" = Island Tribe 3
"WTA-b696055b-e2c3-4e10-b0f4-a427f4b09f65" = Crystal Maze
"WTA-ba1417a4-0469-4843-9def-0f03537e5c5d" = Vacation Quest™ - Australia
"WTA-bfbcefff-551b-4d5a-a471-661b071b0853" = Nancy Drew: Shadow at the Water's Edge
"WTA-d39aae6e-718d-4673-9c62-e4421d1224b8" = House of 1000 Doors: Family Secret
"WTA-e30eb72d-d7f3-4648-9f97-6b44ca24e4bb" = Fairy Treasure
"WTA-e43d7189-1c90-482e-b15e-522138c57647" = Enchanted Cavern
"WTA-e496d563-b805-4fc0-9a1f-c96cab6a382b" = The Island: Castaway 2
"WTA-f231f6bc-3eed-412a-87a5-2be1fac177b5" = Roads of Rome 3
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2092843724-655634709-2051809142-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"LastPass" = LastPass (uninstall only)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2011 8:28:12 AM | Computer Name = lap | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2011 4:00:06 PM | Computer Name = lap | Source = Perflib | ID = 1010
Description =

Error - 5/11/2011 4:00:08 PM | Computer Name = lap | Source = Perflib | ID = 1008
Description =

Error - 5/12/2011 7:25:20 AM | Computer Name = lap | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2011 4:00:08 PM | Computer Name = lap | Source = Perflib | ID = 1010
Description =

Error - 5/12/2011 4:00:09 PM | Computer Name = lap | Source = Perflib | ID = 1008
Description =

Error - 5/13/2011 7:41:12 AM | Computer Name = lap | Source = WinMgmt | ID = 10
Description =

Error - 5/13/2011 4:00:13 PM | Computer Name = lap | Source = Perflib | ID = 1010
Description =

Error - 5/13/2011 4:00:16 PM | Computer Name = lap | Source = Perflib | ID = 1008
Description =

Error - 5/14/2011 9:05:25 AM | Computer Name = lap | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/31/2009 10:05:12 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 21:05:12, Fri, Jul 31, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/31/2009 10:19:16 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 21:19:16, Fri, Jul 31, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/31/2009 10:19:16 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 21:19:16, Fri, Jul 31, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/31/2009 10:40:06 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 21:40:06, Fri, Jul 31, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/31/2009 10:40:06 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 21:40:06, Fri, Jul 31, 09 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2009 8:44:56 AM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 07:44:56, Sat, Aug 01, 09 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2009 8:44:56 AM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 07:44:56, Sat, Aug 01, 09 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2009 9:45:31 AM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 08:45:31, Sat, Aug 01, 09 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2009 9:45:31 AM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 08:45:31, Sat, Aug 01, 09 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2009 5:36:35 PM | Computer Name = lap | Source = WLAN-Tray | ID = 0
Description = 16:36:35, Sat, Aug 01, 09 Error - User "" does not have administrative
privileges on this system

[ Dell Events ]
Error - 1/12/2011 10:16:18 AM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/12/2011 10:16:19 AM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/28/2011 4:35:54 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/28/2011 4:35:54 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/20/2011 2:45:34 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/20/2011 2:45:34 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/9/2012 7:57:18 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/9/2012 7:57:18 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/14/2012 7:09:48 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/14/2012 7:09:48 PM | Computer Name = lap | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 7/17/2011 4:54:47 PM | Computer Name = lap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/14/2012 6:55:00 AM | Computer Name = lap | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:53:39 AM on 4/14/2012 was unexpected.

Error - 4/14/2012 6:56:36 AM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =

Error - 4/14/2012 7:01:16 AM | Computer Name = lap | Source = Service Control Manager | ID = 7022
Description =

Error - 4/15/2012 9:01:55 AM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =

Error - 4/16/2012 8:13:12 AM | Computer Name = lap | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:11:34 AM on 4/16/2012 was unexpected.

Error - 4/16/2012 8:14:49 AM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =

Error - 4/16/2012 8:51:02 PM | Computer Name = lap | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:48:12 PM on 4/16/2012 was unexpected.

Error - 4/16/2012 8:52:40 PM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =

Error - 4/17/2012 6:01:44 AM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =

Error - 4/18/2012 9:05:21 AM | Computer Name = lap | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  #5  
Old April 18th, 2012, 08:56 PM
llanita llanita is offline
Member
 
Join Date: Feb 2007
Posts: 97
GMER scan

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-18 11:42:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1652GSX rev.LV011D
Running: l3emxbfr.exe; Driver: C:\Users\shoshi\AppData\Local\Temp\fxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DD70DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E87EA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8DD7185E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DD762E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DD76330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DD76422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DD76252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DD76374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DD7629A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DD763DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DD70E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E87EB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DD70AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DD70E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DD73D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DD71B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DD7630E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DD76352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DD76446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DD76278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DD763AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DD762C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DD76400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E87ECA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DD719CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DD70EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DD70F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DD70B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DD70CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DD70C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DD70D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8E87ED60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DD70F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E87EBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E894D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82CCB890 4 Bytes [F8, 0D, D7, 8D]
.text ntkrnlpa.exe!KeSetEvent + 131 82CCB8B4 4 Bytes JMP 97878E87
.text ntkrnlpa.exe!KeSetEvent + 191 82CCB914 4 Bytes JMP D7185E82
.text ntkrnlpa.exe!KeSetEvent + 1D1 82CCB954 8 Bytes [E4, 62, D7, 8D, 30, 63, D7, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 82CCB960 4 Bytes [22, 64, D7, 8D] {AND AH, [EDI+EDX*8-0x73]}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DF6633 5 Bytes JMP 8E891C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E4F573 5 Bytes JMP 8E89374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E58E98 4 Bytes CALL 8DD721B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E5CB0C 4 Bytes CALL 8DD721CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EB0E70 7 Bytes JMP 8E894D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 978CFC70 5 Bytes JMP 8DD7467C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + 104A 978DFE7E 5 Bytes JMP 8DD7470C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 978E8ED9 5 Bytes JMP 8DD752EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 978E9CC5 5 Bytes JMP 8DD75450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 978F2427 5 Bytes JMP 8DD73D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 978F337E 5 Bytes JMP 8DD750BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F6 978FEAB7 5 Bytes JMP 8DD74536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 978FFF2A 5 Bytes JMP 8DD73F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46B8 97900079 5 Bytes JMP 8DD747E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C4D 9790060E 5 Bytes JMP 8DD747FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119EE 97919A85 5 Bytes JMP 8DD74384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A42 97919AD9 5 Bytes JMP 8DD74562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 97940ABE 5 Bytes JMP 8DD74F8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 9794341D 5 Bytes JMP 8DD73E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 97949D6E 5 Bytes JMP 8DD73FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9795420C 5 Bytes JMP 8DD754F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 979570F4 5 Bytes JMP 8DD73E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 97960F17 5 Bytes JMP 8DD7507C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B973 979714A0 5 Bytes JMP 8DD74724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 97975692 5 Bytes JMP 8DD75232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F65 9797BD33 5 Bytes JMP 8DD75036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9797F4CA 5 Bytes JMP 8DD75180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 97986DE9 5 Bytes JMP 8DD73F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 979A5384 5 Bytes JMP 8DD741AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 979AAC02 5 Bytes JMP 8DD740B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 979AE73A 5 Bytes JMP 8DD753A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 375D 979C6B04 5 Bytes JMP 8DD7473C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 979CCC47 5 Bytes JMP 8DD74104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D229 979D9461 5 Bytes JMP 8DD742E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10C9A 979DCED2 5 Bytes JMP 8DD74248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAC494300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAC4FF300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[364] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[364] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[364] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[364] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[364] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[364] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00090804
.text C:\Windows\system32\taskeng.exe[364] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[364] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[364] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\csrss.exe[524] KERNEL32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000701F8
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000703FC
.text C:\Windows\system32\wininit.exe[568] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 000A0600
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[608] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[684] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[684] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[692] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 002A0600
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 002A0804
.text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 002A0A08
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 002A01F8
.text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 002A03FC
.text C:\Windows\system32\taskeng.exe[1004] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 001E0804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 001E0A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001E01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001E03FC
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00D70600
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00D70804
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00D70A08
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 00D701F8
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 00D703FC
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00270600
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00271014
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00270804
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00270A08
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00270C0C
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00270E10

Last edited by llanita; April 18th, 2012 at 09:06 PM.
  #6  
Old April 18th, 2012, 09:10 PM
llanita llanita is offline
Member
 
Join Date: Feb 2007
Posts: 97
GMER scan prt 2

.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 002701F8
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00280600
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00280804
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00280A08
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1148] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 002803FC
.text C:\Windows\system32\AUDIODG.EXE[1204] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1240] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1240] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1240] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 002B0600
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 002B0804
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 002B0A08
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 002B01F8
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 002B03FC
.text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1384] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\WLANExt.exe[1544] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1544] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1544] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[1544] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[1544] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\WLANExt.exe[1544] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WLANExt.exe[1544] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WLANExt.exe[1544] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WLANExt.exe[1544] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1552] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1552] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1552] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1552] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1552] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1552] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1552] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1552] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1552] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[1636] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1636] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1636] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1636] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1636] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1636] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1636] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[1636] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1636] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7704A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 000F0600
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 000F0804
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 000F0A08
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000F01F8
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\ctfmon.exe[2284] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\WLTRAY.EXE[2316] KERNEL32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2516] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000703FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2552] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\dlcxcoms.exe[2792] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001401F8
.text C:\Windows\system32\dlcxcoms.exe[2792] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001403FC
.text C:\Windows\system32\dlcxcoms.exe[2792] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\dlcxcoms.exe[2792] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00160600
.text C:\Windows\system32\dlcxcoms.exe[2792] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00160804
.text C:\Windows\system32\dlcxcoms.exe[2792] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\dlcxcoms.exe[2792] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\dlcxcoms.exe[2792] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\dlcxcoms.exe[2792] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 001701F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001401F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001403FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00160600
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00160804
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00160A08
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001601F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001603FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 001703FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00170600
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00171014
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00170804
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00170A08
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00170C0C
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00170E10
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe[2952] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 001701F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001501F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001503FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00170600
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00170804
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00170A08
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001701F8
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001703FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 002803FC
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00280600
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00281014
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00280804
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00280A08
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00280C0C
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00280E10
.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996]
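The hook lines above all share one shape, and reading them by hand across dozens of processes hides the only two questions that matter for triage: where does each detour land, and is the same hook present in every process or in just one? The following helper is an added example, not part of llanita's post and not GMER's own code: it parses GMER's user-mode ".text" lines, labels each detour as landing in a named module, in anonymous memory, or as an in-place byte patch, and reports which hooks are process-local and which page offsets the anonymous trampolines share. The classification rules are triage heuristics of my own, and the embedded sample is constructed in the page's format rather than the full log.

```python
"""Triage helper for GMER user-mode ".text" hook lines (added example).

Each line has the shape
  .text <process path>[<pid>] <module>!<export>[ + off] <addr> <n> Byte(s) <patch>
where <patch> is either "JMP <target> [<destination module> (<vendor>)]"
or raw patched bytes such as "[62]" or "[C2, 04, 00, 90] {RET 0x4; NOP }".
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<dest>\S.*))?$")


def parse_hook(line):
    """Return a dict for one GMER hook line, or None for anything else."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "proc": m["proc"], "pid": int(m["pid"]),
        "export": f'{m["mod"]}!{m["func"]}',
        "addr": int(m["addr"], 16), "size": int(m["n"]),
        "kind": "inline", "target": None, "dest": None,
    }
    j = JMP_RE.match(m["patch"].strip())
    if j:
        rec["kind"] = "jmp"
        rec["target"] = int(j["target"], 16)
        rec["dest"] = j["dest"]      # None when GMER names no module at the target
    return rec


def classify(rec):
    """Heuristic label (my own, not GMER's): where does the detour land?"""
    if rec["kind"] != "jmp":
        return "inline-patch"        # bytes overwritten in place, no detour
    if rec["dest"]:
        return "attributed"          # lands inside a named, loaded module
    return "unattributed"            # lands in anonymous memory: injected code


def parse_log(text):
    return [r for r in map(parse_hook, text.splitlines()) if r]


def hook_spread(recs):
    """export -> number of distinct PIDs carrying that hook."""
    pids = defaultdict(set)
    for r in recs:
        pids[r["export"]].add(r["pid"])
    return {k: len(v) for k, v in pids.items()}


def process_local_hooks(recs):
    """Hooks present in exactly one process. A product injected system-wide
    shows up everywhere, so these are the lines to read first."""
    spread = hook_spread(recs)
    return sorted({r["export"] for r in recs if spread[r["export"]] == 1})


def trampoline_page_offsets(recs):
    """Page offsets (target & 0xFFF) of unattributed detours. One hooking
    engine dropping the same trampoline table into each process yields the
    same small set of offsets everywhere; a one-off implant usually does not."""
    return sorted({r["target"] & 0xFFF for r in recs
                   if classify(r) == "unattributed"})


# Constructed sample in the page's format (a handful of lines, not the full log).
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 000B0600
.text C:\Windows\system32\WLANExt.exe[1544] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1544] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1552] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7704A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 646D9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] kernel32.dll!MapViewOfFile 77066B10 5 Bytes JMP 6490E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(f'{r["pid"]:>5} {classify(r):<13} {r["export"]}')
    print("process-local:", process_local_hooks(recs))
    print("trampoline page offsets:", [hex(o) for o in trampoline_page_offsets(recs)])
```

Run against the whole log, the unattributed detours (the `JMP 000501F8`-style targets with no module name) land at the same page offsets in nearly every process, which is what a single hooking engine injected system-wide looks like; the Firefox lines, by contrast, are attributed to xul.dll. The log by itself does not say whether that engine belongs to an installed security product or to something unwanted, so the hook lines have to be read together with the rest of the GMER scan and the installed-software list rather than on their own.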
  #7  
Old April 18th, 2012, 09:13 PM
llanita
GMER Scan Prt 3

.text C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE[2996] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 002801F8
.text C:\Windows\system32\svchost.exe[3044] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3044] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3044] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3044] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3044] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[3044] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[3044] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[3044] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[3044] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3088] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001501F8
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001503FC
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 003603FC
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00360600
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00361014
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00360804
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00360A08
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00360C0C
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00360E10
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 003601F8
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00370600
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00370804
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00370A08
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 003701F8
.text C:\Users\shoshi\Desktop\l3emxbfr.exe[3180] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 003703FC
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 001501F8
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 001503FC
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 003B0600
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 003B0804
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 003B0A08
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 003B01F8
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 003B03FC
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 003C03FC
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 003C0600
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 003C1014
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 003C0804
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 003C0A08
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 003C0C0C
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 003C0E10
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[3240] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 003C01F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3264] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 002303FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00230600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00231014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00230804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00230A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00230C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00230E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 002301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00240600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00240804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00240A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 002401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3396] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 002403FC
.text C:\Windows\system32\SearchIndexer.exe[3464] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3464] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3464] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3464] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3464] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3464] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3464] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3464] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3464] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3516] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3660] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 646D9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrUnloadDll 7735B680 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] kernel32.dll!MapViewOfFile 77066B10 5 Bytes JMP 6490E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] kernel32.dll!VirtualAlloc 7706AF75 5 Bytes JMP 6490E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!UnhookWindowsHookEx 772898DB 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWinEventHook 77289F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!UnhookWinEvent 7728C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] GDI32.dll!CreateDIBSection 77237461 5 Bytes JMP 6490E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!DeleteService 76F9A07E 5 Bytes JMP 00080600
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 76FD6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 76FD6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 76FD6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 76FD7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 76FD71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!CreateServiceA 76FD72A1 5 Bytes JMP 000801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [750BF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [750BF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 88E7F828

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
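Added example, not from the thread, from GMER or from any vendor: Jintan reads the long GMER hook list as mostly Avast activity. One way to test that reading without eyeballing hundreds of lines is to parse the ".text" entries and ask which hooked APIs appear, with no owning module, in every process (the pattern of one product injecting the same hooks everywhere), as opposed to hooks GMER ties to a named module such as xul.dll, or hooks that show up in only one process. SAMPLE_LOG is a constructed excerpt in the same line format as the log above; the function names (parse_hooks, triage) and the result keys are this script's own.

```python
import re
from collections import defaultdict

# One GMER 1.0.15 ".text" inline-hook line:
#   .text <process path>[<pid>] <module>!<export>[ + <offset>] <address> <n> Byte(s) <patch>
# where <patch> is "JMP <target> [<owning module> (<vendor>)]" or a raw byte patch such as "[62]".
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<api>\S+!\w+)(?: \+ (?P<off>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<n>\d+) Bytes? (?P<patch>.+)$"
)

# Constructed sample: a handful of lines in the same format as the log above, not the full log.
SAMPLE_LOG = """\
.text C:\\Program Files\\Windows Media Player\\wmpnscfg.exe[3660] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 000501F8
.text C:\\Program Files\\Windows Media Player\\wmpnscfg.exe[3660] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\\Program Files\\Windows Media Player\\wmpnscfg.exe[3660] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000703FC
.text C:\\Program Files\\Windows Media Player\\wmpnscfg.exe[3660] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00080600
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[4004] ntdll.dll!LdrLoadDll 77349378 5 Bytes JMP 646D9720 C:\\Program Files\\Mozilla Firefox\\xul.dll (Mozilla Foundation)
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[4004] kernel32.dll!GetBinaryTypeW + 70 77072467 1 Byte [62]
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[4004] ADVAPI32.dll!CreateServiceW 76F99EB4 5 Bytes JMP 000803FC
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[4004] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 00070600
"""


def parse_hooks(text):
    """Parse GMER '.text' hook lines into dicts; lines in any other format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = m.group("patch")
        if patch.startswith("JMP "):
            parts = patch.split(" ", 2)            # "JMP", target, optional owning module
            kind, target = "jmp", parts[1]
            module = parts[2].strip() if len(parts) > 2 else ""
        else:
            kind, target, module = "patch", "", ""  # e.g. a 1-byte patch "[62]"
        hooks.append({
            "proc": m.group("proc"), "pid": m.group("pid"), "api": m.group("api"),
            "kind": kind, "target": target, "module": module,
        })
    return hooks


def triage(hooks):
    """Split hooks into those GMER attributed to a named module and the unattributed rest,
    then ask whether the unattributed set is identical in every process."""
    unattributed = defaultdict(set)   # (proc, pid) -> hooked APIs with no owning module
    attributed = []                   # (proc, api, module) for hooks GMER resolved to a module
    for h in hooks:
        if h["module"]:
            attributed.append((h["proc"], h["api"], h["module"]))
        else:
            unattributed[(h["proc"], h["pid"])].add(h["api"])
    common = set.intersection(*unattributed.values()) if unattributed else set()
    specific = {p: s - common for p, s in unattributed.items() if s - common}
    return {
        "processes": sorted(unattributed),
        "unattributed_in_every_process": common,
        "process_specific": specific,
        "attributed": attributed,
    }


if __name__ == "__main__":
    result = triage(parse_hooks(SAMPLE_LOG))
    print("unattributed hooks present in every process:",
          sorted(result["unattributed_in_every_process"]))
    for (proc, pid), apis in result["process_specific"].items():
        print("only in", proc, "pid", pid, "->", sorted(apis))
    for proc, api, module in result["attributed"]:
        print("attributed:", proc.rsplit("\\", 1)[-1], api, "->", module)
```

Reading the output: a large "in every process" set with nothing process-specific is what a security product's blanket injection looks like; a hook that exists in one process only, or whose JMP lands in a module GMER cannot name, is the one to look at. Note that when a named module (xul.dll here) re-hooks an API that the blanket set also hooks, that API drops out of the common set for that process, so read the attributed list alongside the process-specific one.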
  #8  
Old April 18th, 2012, 09:14 PM
llanita
Member
 
Join Date: Feb 2007
Posts: 97
And finally, the asw scan

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-18 11:44:45
-----------------------------
11:44:45.269 OS Version: Windows 6.0.6002 Service Pack 2
11:44:45.269 Number of processors: 1 586 0x1601
11:44:45.269 ComputerName: LAP UserName:
11:44:48.701 Initialize success
11:44:49.372 AVAST engine defs: 12041801
11:44:56.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
11:44:56.611 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011D Size: 152627MB BusType: 3
11:44:56.938 Disk 0 MBR read successfully
11:44:56.954 Disk 0 MBR scan
11:44:56.954 Disk 0 Windows VISTA default MBR code
11:44:57.016 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:44:57.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:44:57.188 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 135026 MB offset 30801920
11:44:57.203 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 307337216
11:44:57.359 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 307339264
11:44:57.578 Disk 0 scanning sectors +312578048
11:44:58.295 Disk 0 scanning C:\Windows\system32\drivers
11:46:52.409 Service scanning
11:47:22.985 Modules scanning
11:49:57.675 Disk 0 trace - called modules:
11:49:57.815 ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:49:57.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d2d238]
11:49:57.831 3 CLASSPNP.SYS[887e08b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85be6b98]
11:49:57.847 \Driver\atapi[0x85bb7848] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0x8875c661]
11:49:59.157 AVAST engine scan C:\Windows
11:52:25.641 AVAST engine scan C:\Windows\system32
12:08:35.321 AVAST engine scan C:\Windows\system32\drivers
12:12:47.386 AVAST engine scan C:\Users\shoshi
14:05:56.662 File: C:\Users\shoshi\Downloads\Games\Wildgames\dreamdayweddingbellaitalia-wildgames.exe **INFECTED** Win32:Malware-gen
14:05:57.801 File: C:\Users\shoshi\Downloads\Games\Wildgames\escapewhispervalley-wildgames.exe **INFECTED** Win32:Malware-gen
14:06:00.547 File: C:\Users\shoshi\Downloads\Games\Wildgames\paigeharperandthetomeofmystery-wildgames.exe **INFECTED** Win32:Malware-gen
14:06:32.137 File: C:\Users\shoshi\Downloads\IWON.exe **INFECTED** Win32:Adware-gen [Adw]
14:14:03.070 AVAST engine scan C:\ProgramData
14:43:03.734 File: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll **INFECTED** Win32:Adware-gen [Adw]
14:47:36.515 Scan finished successfully
14:51:02.139 Disk 0 MBR has been saved successfully to "C:\Users\shoshi\Desktop\MBR.dat"
14:51:02.155 The log file has been saved successfully to "C:\Users\shoshi\Desktop\aswMBR.txt"
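Added example, not part of the thread and not aswMBR's own code: aswMBR reports "Windows VISTA default MBR code", prints the partition table, and saves the sector to MBR.dat. The script below parses a 512-byte MBR into the same kind of listing, checks the 0x55AA signature, that exactly one entry is active, that status bytes are legal and that primaries do not overlap, and hashes the boot-code bytes so a dump taken before cleaning can be compared with one taken after. EXAMPLE_TABLE is a constructed table modelled on the offsets in the log; its sector counts are assumptions chosen to reproduce the listed MB sizes, since the log prints only offsets and rounded sizes. Logical partitions inside the extended entry (Partition 4 in the log) live in EBRs and are not read here.

```python
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count (little-endian)
PART_TYPE_NAMES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xDE: "Dell Utility",
    0xEE: "GPT protective",
}

# Constructed primary table (status, type, start LBA, sector count) modelled on the aswMBR
# listing above. Sector counts are assumed; they were chosen to reproduce the listed MB sizes.
EXAMPLE_TABLE = [
    (0x00, 0xDE, 63, 81857),
    (0x00, 0x07, 81920, 30720000),
    (0x80, 0x07, 30801920, 276533248),
    (0x00, 0x0F, 307337216, 5240832),
]


def build_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR: 446 bytes of boot code, four 16-byte entries, 0x55AA signature."""
    body = boot_code.ljust(446, b"\x00")[:446]
    table = b"".join(struct.pack(ENTRY_FMT, s, b"\0\0\0", t, b"\0\0\0", start, count)
                     for s, t, start, count in entries)
    return body + table.ljust(64, b"\x00") + b"\x55\xAA"


def parse_mbr(data):
    """Return the non-empty primary entries of an MBR sector (EBR chains are not followed)."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if data[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = data[446 + 16 * i:462 + 16 * i]
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, entry)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "name": PART_TYPE_NAMES.get(ptype, "type 0x%02X" % ptype),
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1 << 20)})
    return parts


def check_mbr(data):
    """Sanity checks on a saved MBR: one active entry, legal status bytes, non-overlapping primaries."""
    findings = []
    parts = parse_mbr(data)
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
    prev_end = 0
    for p in sorted(parts, key=lambda p: p["start_lba"]):
        if p["start_lba"] < prev_end:
            findings.append("partition %d overlaps the previous one" % p["index"])
        prev_end = max(prev_end, p["start_lba"] + p["sectors"])
    return findings


def boot_code_digest(data):
    """SHA-256 of bytes 0..439: boot code only, excluding the disk signature at 440..443 and the table."""
    return hashlib.sha256(data[:440]).hexdigest()


def describe(parts):
    """Render entries in the same shape as the aswMBR listing."""
    return ["Partition %d %02X%s %02X %s %d MB offset %d" % (
        p["index"], p["status"], " (A)" if p["status"] == 0x80 else "", p["type"],
        p["name"], p["size_mb"], p["start_lba"]) for p in parts]


if __name__ == "__main__":
    import sys
    # Pass the path of a saved dump (e.g. aswMBR's MBR.dat) to read it; otherwise use the constructed table.
    mbr = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_mbr(EXAMPLE_TABLE)
    print("\n".join(describe(parse_mbr(mbr))))
    print("boot code sha256:", boot_code_digest(mbr))
    print("findings:", check_mbr(mbr) or "none")
```

The digest deliberately covers only the first 440 bytes: the partition table and the 4-byte disk signature change for legitimate reasons, while the boot code on a healthy Vista install should not, so a digest that differs between two dumps of the same disk is worth a closer look even when the tool says the code looks like the default.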
  #9  
Old April 19th, 2012, 12:10 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
Some adware showing there, and some of McAfee, though not seeing any install for it. aswMBR also reflects the adware, but that long Gmer log is mostly Avast activities.

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there. I think that will also address McAfee, though we'll check in a while.

---------

Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Yontoo Layers Runtime 1.10.01 - Adware.
Auslogics Registry Cleaner - All Registry "cleaners" are mostly snake oil, and too often cause problems.

----------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  #10  
Old April 19th, 2012, 03:31 PM
llanita
Member
 
Join Date: Feb 2007
Posts: 97
Malwarebytes scan

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
shoshi :: LAP [administrator]

4/19/2012 6:37:01 AM
mbam-log-2012-04-19 (06-37-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207566
Time elapsed: 12 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\shoshi\Downloads\IWON.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)
  #11  
Old April 19th, 2012, 03:33 PM
llanita
Member
 
Join Date: Feb 2007
Posts: 97
ESET scan

C:\DELL\Drivers\R171786\WDM\AESTSr64.exe Win32/Virut.NBU virus deleted - quarantined
C:\DELL\Drivers\R171786\WDM\stacsv64.exe Win32/Virut.NBU virus deleted - quarantined
C:\DELL\Drivers\R171786\WDM\sttray64.exe Win32/Virut.NBU virus deleted - quarantined
C:\DELL\Drivers\R171786\WDM\suhlp64.exe Win32/Virut.NBU virus deleted - quarantined
C:\Drivers\audio\R170217\AESTSr64.exe Win32/Virut.NBU virus deleted - quarantined
C:\Drivers\audio\R170217\stacsv64.exe Win32/Virut.NBU virus deleted - quarantined
C:\Drivers\audio\R170217\sttray64.exe Win32/Virut.NBU virus deleted - quarantined
C:\Drivers\audio\R170217\suhlp64.exe Win32/Virut.NBU virus deleted - quarantined
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\shoshi\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\00F19927.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\shoshi\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\Users\shoshi\Downloads\Drivers\setup_1282161.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\shoshi\Downloads\Games\SoftonicDownloader_for_directx.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\shoshi\Downloads\Games\Gaea_Fallen\XvidSetup.exe multiple threats deleted - quarantined


I couldn't quite uninstall Yontoo. It said something like Setup Initialization Error
  #12  
Old April 20th, 2012, 12:06 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
Shoot - Virut. Please reboot, and run the Eset scan again, and hope you don't get a repeat of Virut finds.

As mentioned here, Virut is a very active and aggressive file infector: any file can be infected, and an infected file can then replicate the virus into other files. The solution, unfortunately, is to forgo trying to offload anything, as any file can restart the infection, and instead reformat the drive and reinstall Windows.
  #13  
Old April 20th, 2012, 03:18 PM
llanita
Member
 
Join Date: Feb 2007
Posts: 97
I ran the scan again, and it's clean. Nothing was found. Thank you so very much for taking the time to help. I really appreciate it.

Have a great day
  #14  
Old April 20th, 2012, 11:54 PM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
That is very strange. I wonder if Eset gave a false Virut read on those driver files? Never saw where Virut was there, then gone. Be sure to check with Eset periodically even after we are finished here, to make sure there really is no hint of Virut there. But for now really good news.

Go here and download and install the free trial version of Revo's Uninstaller, and see if that shows Yontoo.

If so, right click Yontoo, and select Uninstall, then follow the prompts to complete the uninstall. Be sure to leave the setting as "Moderate", and it is okay to use "Select All" to Delete what Revo finds.

Reboot after, then post back on any issues we still need to address please.