
Virus found, computer not shutting down, can't uninstall some programs

Discussion in 'Virus & Other Malware Removal' started by capescafe, Jan 27, 2013.

  1. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    TSG SysInfo:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz, x86 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3070 Mb
    Graphics Card: ATI Radeon HD 2400 PRO, 256 Mb
    Hard Drives: C: Total - 301807 MB, Free - 209868 MB; F: Total - 194418 MB, Free - 98703 MB;
    Motherboard: Dell Inc., 0RY007
    Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled
    ---------------------------------------------------------------------------------------------------------------------------------------------
    I've been having some problems with my computer running slow and then yesterday morning I got the blue screen of death. The problem that it said on the blue screen was something about this file: bcmwlhigh5.sys and it said Page_Fault_in_Nonpaged_area. So after restarting I ran my antivirus software but it didn't find anything. I had Microsoft Security Essentials. Then I used my NovaStor backup software to make a backup of my C drive but to exclude any viruses detected. It detected 1 file that it said was infected and it was: C:\Documents and Settings\Carolyn\Local Settings\Temp\ICReinstall\cnet2_revosetup_exe.exe. So I then uninstalled MSE and installed Avast Free antivirus and it found a different file with a virus which was this:
    C:\Program Files\InstallShield Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe
    Threat: Win32:WrongInf-E [Susp]
    So I quarantined that file and then tried to restart my computer and it just would not shut down. I tried logging off, restarting and shutting down and it just wouldn't do anything. So I had to force the shutdown.

    Another problem I'm having is that I want to uninstall some programs from my computer. I use RevoUninstaller and normally have no problems with it. But there are 2 programs that I just cannot uninstall. I tried the Windows XP remove programs from the Control Panel and Revo and I tried using the software's uninstall.exe in the folder. The 2 programs I'm trying to uninstall are My Faster PC because I didn't want to pay to use it. Also I tried out Secunia PSI but I don't really need it so wanted to uninstall it but I can't.

    So I just need to know what is happening with my computer.
     
  2. capescafe

    capescafe Thread Starter

    Here is my HijackThis log (I just read the sticky for this forum):

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:52:52 PM, on 1/28/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\Program Files\Online Armor\oasrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Online Armor\oaui.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe
    C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Desktop\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [My Faster PC] C:\Program Files\ConsumerSoft\My Faster PC\mfpchelper.exe
    O4 - HKCU\..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [Google Update] "C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [MusicManager] "C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-21-2735878217-613473070-2586340739-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Carolyn Lee')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - S-1-5-21-2735878217-613473070-2586340739-1007 Startup: Dropbox.lnk = C:\Documents and Settings\Carolyn Lee\Application Data\Dropbox\bin\Dropbox.exe (User 'Carolyn Lee')
    O4 - S-1-5-21-2735878217-613473070-2586340739-1007 User Startup: Dropbox.lnk = C:\Documents and Settings\Carolyn Lee\Application Data\Dropbox\bin\Dropbox.exe (User 'Carolyn Lee')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://novastor.cleverreach.com
    O15 - Trusted Zone: http://*.google-analytics.com
    O15 - Trusted Zone: http://*.novastor.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1355168598609
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Backup Client Agent Service - NovaStor Corporation - C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
    O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

    --
    End of file - 12415 bytes
     
  3. capescafe

    capescafe Thread Starter

    From the DDS.txt file:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Carolyn at 15:55:17 on 2013-01-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1162 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Online Armor Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\Program Files\Online Armor\oasrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Online Armor\oaui.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Carolyn Lee\Application Data\Dropbox\bin\Dropbox.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn Lee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Online Armor\oaui.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe
    C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Carolyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [Google Update] "c:\documents and settings\carolyn\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe
    uRun: [DefragReminder] c:\program files\consumersoft\my faster pc\my defragmenter\DefragReminder.exe
    mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\carolyn\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\carolyn\application data\dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: google-analytics.com
    Trusted Zone: novastor.com
    Trusted Zone: novastor.com
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355168598609
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3FB8F3EB-E894-459A-B138-DCBC8840CCA7} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E} : DHCPNameServer = 192.168.10.1
    SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-27 361032]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-3-27 208320]
    R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-3-27 44992]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-3-27 27648]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-3-27 31920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-27 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-27 44808]
    R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2011-11-11 371856]
    R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-3-27 216072]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
    R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2012-3-27 4463864]
    R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-3-27 278528]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-3-27 632576]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2011-11-8 217600]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-3-27 50704]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-27 20:37:48 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-27 20:37:10 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-27 20:36:52 -------- d-----w- c:\program files\AVAST Software
    2013-01-27 20:36:52 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-01-14 01:14:07 -------- d-----w- c:\program files\Solveig Multimedia
    2013-01-14 01:14:07 -------- d-----w- c:\program files\common files\Solveig Multimedia
    2013-01-14 01:03:28 -------- d-----w- c:\program files\VideoLAN
    2013-01-13 04:24:00 -------- d-----w- c:\program files\iPod
    2013-01-13 04:23:57 -------- d-----w- c:\program files\iTunes
    2013-01-13 04:23:57 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-13 04:12:42 -------- d-----w- c:\documents and settings\carolyn\application data\ConsumerSoft
    2013-01-13 04:12:14 -------- d-----w- c:\program files\ConsumerSoft
    .
    ==================== Find3M ====================
    .
    2013-01-16 23:48:44 952 --sh--w- c:\windows\system32\KGyGaAvL.sys
    2012-12-16 21:44:15 83760 ------w- c:\windows\system32\stkMonitor.dll
    2012-12-16 12:23:59 290560 ------w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ------w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ------w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 15:56:01.29 ===============
     
  4. capescafe

    capescafe Thread Starter

    Attached is the attach.txt file.
     


  5. capescafe

    capescafe Thread Starter

    OK, sorry, I just read at the end that I can just copy and paste the attach.txt file, so here are the contents of that:
    -----------------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/26/2012 6:26:08 PM
    System Uptime: 1/28/2013 9:32:03 AM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1977/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 295 GiB total, 205.124 GiB free.
    D: is CDROM ()
    F: is FIXED (FAT32) - 190 GiB total, 49.757 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP348: 10/31/2012 9:57:04 AM - Software Distribution Service 3.0
    RP349: 11/1/2012 9:56:35 AM - Software Distribution Service 3.0
    RP350: 11/2/2012 1:13:57 AM - Software Distribution Service 3.0
    RP351: 11/2/2012 9:56:54 AM - Software Distribution Service 3.0
    RP352: 11/3/2012 9:58:17 AM - Software Distribution Service 3.0
    RP353: 11/4/2012 8:56:39 AM - Software Distribution Service 3.0
    RP354: 11/5/2012 8:56:43 AM - Software Distribution Service 3.0
    RP355: 11/6/2012 10:18:51 AM - System Checkpoint
    RP356: 11/6/2012 10:07:54 PM - Software Distribution Service 3.0
    RP357: 11/8/2012 8:32:11 AM - Software Distribution Service 3.0
    RP358: 11/9/2012 12:48:51 AM - Software Distribution Service 3.0
    RP359: 11/10/2012 2:04:14 AM - Software Distribution Service 3.0
    RP360: 11/11/2012 2:04:15 AM - Software Distribution Service 3.0
    RP361: 11/12/2012 10:24:13 AM - Software Distribution Service 3.0
    RP362: 11/13/2012 12:16:20 PM - System Checkpoint
    RP363: 11/14/2012 8:57:51 AM - Software Distribution Service 3.0
    RP364: 11/15/2012 8:57:49 AM - Software Distribution Service 3.0
    RP365: 11/15/2012 9:00:18 AM - Software Distribution Service 3.0
    RP366: 11/16/2012 12:42:15 AM - Software Distribution Service 3.0
    RP367: 11/16/2012 9:33:39 AM - Software Distribution Service 3.0
    RP368: 11/17/2012 9:33:33 AM - Software Distribution Service 3.0
    RP369: 11/17/2012 7:09:03 PM - Software Distribution Service 3.0
    RP370: 11/18/2012 7:06:48 PM - Software Distribution Service 3.0
    RP371: 11/19/2012 7:05:43 PM - Software Distribution Service 3.0
    RP372: 11/20/2012 7:05:21 PM - Software Distribution Service 3.0
    RP373: 11/21/2012 8:46:06 PM - System Checkpoint
    RP374: 11/22/2012 7:21:43 AM - Software Distribution Service 3.0
    RP375: 11/23/2012 12:49:32 AM - Software Distribution Service 3.0
    RP376: 11/23/2012 7:12:59 AM - Software Distribution Service 3.0
    RP377: 11/24/2012 7:53:53 AM - System Checkpoint
    RP378: 11/24/2012 10:00:47 AM - Software Distribution Service 3.0
    RP379: 11/25/2012 10:00:50 AM - Software Distribution Service 3.0
    RP380: 11/26/2012 9:59:17 AM - Software Distribution Service 3.0
    RP381: 11/27/2012 10:00:01 AM - Software Distribution Service 3.0
    RP382: 11/28/2012 9:59:07 AM - Software Distribution Service 3.0
    RP383: 11/29/2012 9:59:06 AM - Software Distribution Service 3.0
    RP384: 11/30/2012 1:15:43 AM - Software Distribution Service 3.0
    RP385: 11/30/2012 10:00:25 AM - Software Distribution Service 3.0
    RP386: 12/1/2012 9:59:21 AM - Software Distribution Service 3.0
    RP387: 12/2/2012 9:59:16 AM - Software Distribution Service 3.0
    RP388: 12/3/2012 9:58:32 AM - Software Distribution Service 3.0
    RP389: 12/4/2012 9:44:45 AM - Software Distribution Service 3.0
    RP390: 12/4/2012 9:46:34 AM - Revo Uninstaller's restore point - Ask Toolbar
    RP391: 12/4/2012 9:46:46 AM - Removed Ask Toolbar.
    RP392: 12/4/2012 9:50:29 AM - Revo Uninstaller's restore point - Canon MP830
    RP393: 12/4/2012 9:54:09 AM - Revo Uninstaller's restore point - MediaMonkey 4.0
    RP394: 12/4/2012 10:03:34 AM - Revo Uninstaller's restore point - MediaMonkey 4.0
    RP395: 12/4/2012 10:07:57 AM - Revo Uninstaller's restore point - Secunia PSI (3.0.0.3001)
    RP396: 12/4/2012 10:30:27 AM - Revo Uninstaller's restore point - Secunia PSI (3.0.0.3001)
    RP397: 12/4/2012 10:56:59 AM - Revo Uninstaller's restore point - Secunia PSI (3.0.0.3001)
    RP398: 12/5/2012 11:58:45 AM - System Checkpoint
    RP399: 12/5/2012 10:05:26 PM - Software Distribution Service 3.0
    RP400: 12/6/2012 10:05:15 PM - Software Distribution Service 3.0
    RP401: 12/7/2012 12:33:52 AM - Software Distribution Service 3.0
    RP402: 12/7/2012 10:05:32 PM - Software Distribution Service 3.0
    RP403: 12/8/2012 10:04:37 PM - Software Distribution Service 3.0
    RP404: 12/9/2012 10:04:24 PM - Software Distribution Service 3.0
    RP405: 12/10/2012 9:09:59 AM - Software Distribution Service 3.0
    RP406: 12/11/2012 8:18:21 AM - Software Distribution Service 3.0
    RP407: 12/11/2012 11:48:43 AM - Software Distribution Service 3.0
    RP408: 12/12/2012 9:00:18 AM - Software Distribution Service 3.0
    RP409: 12/12/2012 9:03:51 PM - Software Distribution Service 3.0
    RP410: 12/13/2012 10:23:25 PM - System Checkpoint
    RP411: 12/14/2012 1:18:40 AM - Software Distribution Service 3.0
    RP412: 12/14/2012 10:32:12 AM - Software Distribution Service 3.0
    RP413: 12/15/2012 12:43:15 PM - System Checkpoint
    RP414: 12/16/2012 10:00:34 AM - Software Distribution Service 3.0
    RP415: 12/16/2012 1:44:26 PM - Printer Driver Send to Kindle Installed
    RP416: 12/17/2012 2:16:08 PM - Software Distribution Service 3.0
    RP417: 12/18/2012 2:28:13 PM - Software Distribution Service 3.0
    RP418: 12/19/2012 2:16:57 PM - Software Distribution Service 3.0
    RP419: 12/20/2012 3:03:31 PM - Software Distribution Service 3.0
    RP420: 12/21/2012 1:05:03 AM - Software Distribution Service 3.0
    RP421: 12/21/2012 8:42:18 AM - Software Distribution Service 3.0
    RP422: 12/22/2012 9:52:41 AM - System Checkpoint
    RP423: 12/22/2012 3:48:42 PM - Software Distribution Service 3.0
    RP424: 12/23/2012 3:48:28 PM - Software Distribution Service 3.0
    RP425: 12/24/2012 3:47:33 PM - Software Distribution Service 3.0
    RP426: 12/25/2012 3:46:36 PM - Software Distribution Service 3.0
    RP427: 12/26/2012 3:46:41 PM - Software Distribution Service 3.0
    RP428: 12/27/2012 3:44:44 PM - Software Distribution Service 3.0
    RP429: 12/28/2012 12:47:42 AM - Software Distribution Service 3.0
    RP430: 12/28/2012 3:43:51 PM - Software Distribution Service 3.0
    RP431: 12/29/2012 4:04:38 PM - System Checkpoint
    RP432: 12/29/2012 11:55:07 PM - Software Distribution Service 3.0
    RP433: 12/30/2012 11:53:48 PM - Software Distribution Service 3.0
    RP434: 1/1/2013 12:09:06 AM - System Checkpoint
    RP435: 1/1/2013 12:16:07 PM - Software Distribution Service 3.0
    RP436: 1/2/2013 12:16:08 PM - Software Distribution Service 3.0
    RP437: 1/3/2013 12:16:34 PM - Software Distribution Service 3.0
    RP438: 1/4/2013 12:59:26 AM - Software Distribution Service 3.0
    RP439: 1/4/2013 9:00:16 AM - Software Distribution Service 3.0
    RP440: 1/4/2013 12:17:50 PM - Software Distribution Service 3.0
    RP441: 1/5/2013 12:15:19 PM - Software Distribution Service 3.0
    RP442: 1/6/2013 12:15:16 PM - Software Distribution Service 3.0
    RP443: 1/7/2013 12:13:59 PM - Software Distribution Service 3.0
    RP444: 1/8/2013 12:14:44 PM - Software Distribution Service 3.0
    RP445: 1/9/2013 9:00:18 AM - Software Distribution Service 3.0
    RP446: 1/10/2013 9:20:32 AM - System Checkpoint
    RP447: 1/10/2013 9:27:31 AM - Software Distribution Service 3.0
    RP448: 1/11/2013 12:59:34 AM - Software Distribution Service 3.0
    RP449: 1/12/2013 1:45:51 AM - System Checkpoint
    RP450: 1/12/2013 9:26:33 AM - Software Distribution Service 3.0
    RP451: 1/13/2013 10:36:14 AM - System Checkpoint
    RP452: 1/13/2013 8:41:57 PM - Software Distribution Service 3.0
    RP453: 1/14/2013 8:41:07 PM - Software Distribution Service 3.0
    RP454: 1/15/2013 9:00:14 AM - Software Distribution Service 3.0
    RP455: 1/15/2013 10:03:18 PM - Software Distribution Service 3.0
    RP456: 1/16/2013 10:41:10 PM - System Checkpoint
    RP457: 1/17/2013 6:09:52 PM - Software Distribution Service 3.0
    RP458: 1/18/2013 1:23:22 AM - Software Distribution Service 3.0
    RP459: 1/18/2013 6:09:47 PM - Software Distribution Service 3.0
    RP460: 1/19/2013 6:09:54 PM - Software Distribution Service 3.0
    RP461: 1/20/2013 6:42:15 PM - System Checkpoint
    RP462: 1/21/2013 6:08:54 PM - Software Distribution Service 3.0
    RP463: 1/22/2013 6:08:38 PM - Software Distribution Service 3.0
    RP464: 1/23/2013 6:08:39 PM - Software Distribution Service 3.0
    RP465: 1/24/2013 6:08:47 PM - Software Distribution Service 3.0
    RP466: 1/25/2013 1:23:48 AM - Software Distribution Service 3.0
    RP467: 1/25/2013 6:08:40 PM - Software Distribution Service 3.0
    RP468: 1/26/2013 6:43:49 PM - System Checkpoint
    RP469: 1/26/2013 9:52:52 PM - Software Distribution Service 3.0
    RP470: 1/27/2013 9:34:10 AM - Software Distribution Service 3.0
    RP471: 1/27/2013 12:36:52 PM - avast! Free Antivirus Setup
    RP472: 1/27/2013 3:17:06 PM - Revo Uninstaller's restore point - Microsoft Security Essentials
    RP473: 1/27/2013 3:19:00 PM - Revo Uninstaller's restore point - My Faster PC
    RP474: 1/27/2013 3:30:21 PM - Revo Uninstaller's restore point - My Faster PC
    RP475: 1/27/2013 4:13:44 PM - Revo Uninstaller's restore point - Secunia PSI (3.0.0.3001)
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.2 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Design Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 8.3.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 7
    Amazon Send to Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aspell Spanish Dictionary-0.50-2
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 2.0.2
    avast! Free Antivirus
    Bonjour
    Bulk Rename Utility 2.7.1.2
    Canon Easy-PhotoPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 5.1
    Canon MX890 series MP Drivers
    Canon MX890 series On-screen Manual
    Canon MX890 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Conexant D850 56K V.9x DFVc Modem
    Connect
    Corel Ventura 10
    CorelDRAW Graphics Suite X3
    Dell System Restore
    Download Updater (AOL LLC)
    Dropbox
    EN
    FileZilla Client 3.6.0.2
    FontNav
    Gadwin PrintScreen
    Games, Music, & Photos Launcher
    Google Chrome
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections Drivers
    Internet Service Offers Launcher
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 37
    JavaFX 2.1.1
    kuler
    LAME v3.99.3 (for Windows)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Diagnostic Tool
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    NovaBACKUP
    Online Armor 5.5
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Safari
    Samsung_MonSetup
    Secunia PSI (3.0.0.3001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SolveigMM AVI Trimmer
    Sonic Activation Module
    Suite Shared Configuration CS4
    UltraCompare v7.20
    UltraEdit 15.20
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager
    VBA
    VLC media player 2.0.5
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    XAMPP 1.8.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/28/2013 8:25:02 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    1/28/2013 7:47:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
    1/28/2013 7:46:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    1/28/2013 7:45:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
    1/28/2013 7:45:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    1/28/2013 7:44:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    1/28/2013 7:44:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.
    1/28/2013 7:43:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    1/28/2013 7:43:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
    1/28/2013 7:42:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    1/28/2013 7:42:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
    1/28/2013 7:41:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
    1/27/2013 12:39:49 PM, error: Service Control Manager [7000] - The AswRdr service failed to start due to the following error: Access is denied.
    1/26/2013 9:52:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'My Music' on the volume 'HarddiskVolumeShadowCopy1'. It has stopped monitoring the volume.
    1/26/2013 9:52:16 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'boot.ini' on the volume 'HarddiskVolumeShadowCopy1'. It has stopped monitoring the volume.
    1/26/2013 9:20:13 PM, error: Service Control Manager [7000] - The WSWNDA3100 service failed to start due to the following error: Access is denied.
    1/26/2013 9:19:56 PM, error: Service Control Manager [7031] - The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/26/2013 9:18:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSWNDA3100 service.
    1/26/2013 12:55:19 PM, error: System Error [1003] - Error code 10000050, parameter1 a8bbce08, parameter2 00000001, parameter3 abf3eea6, parameter4 00000000.
    .
    ==== End Of File ===========================
     
  6. capescafe

    And here are the contents of ark.txt from the GMER scan:
    ----------------------------------------------------------------------------
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-28 19:12:22
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD321KJ rev.CP100-12 298.09GB
    Running: owv3vrwj.exe; Driver: C:\DOCUME~1\Carolyn\LOCALS~1\Temp\pxlyqpog.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC02D4BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC0DAC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAC02DED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC06F811]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0xAC19664C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC038FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC038FF4]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0xAC19D316]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC039176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC06F1C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC038F16]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0xAC19646A]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0xAC197EE8]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0xAC194978]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC039038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC038F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAC02E11C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC039130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAC02E93E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC02D508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC06FED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC07018D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC0321C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC06FD42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC06FBAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC0DACEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC02D170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC02D556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC032534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC02F3A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC038FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC039016]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0xAC19D694]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC03919A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC06F521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC038F3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC031C3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC0390BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC038F86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC031F14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC039154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC0DAE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC06FA28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC02F272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC06F87A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAC02EDD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC0E77D2]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestPort [0xAC196CB0]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0xAC197018]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC06E838]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwResumeThread [0xAC1960CE]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSecureConnectPort [0xAC19686E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC02D5A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC02D5F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAC02E7BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC02D1FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC02D3AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC06FFDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC02D350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAC02EAF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAC02EC54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC02D41A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAC02E4D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAC02E636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAC0D941C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC02D640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAC02DF1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504560 16 Bytes [A8, 8F, 03, AC, F4, 8F, 03, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050458C 12 Bytes CALL F8FC5F0F
    .text ntkrnlpa.exe!ZwCallbackReturn + 2CC1 805045B9 3 Bytes JMP BCDEF1C0
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CAC0DAC
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DA4 8050469C 16 Bytes [D2, 8F, 03, AC, 16, 90, 03, ...]
    .text ...
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL AC02FA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP AC0F0CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP AC0F2810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF80991D 4 Bytes JMP AC033B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 4 Bytes JMP AC033A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 4 Bytes JMP AC0339F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 4 Bytes JMP AC0330A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240DB 4 Bytes JMP AC0327C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A45 4 Bytes JMP AC033CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 4 Bytes JMP AC033EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP AC0338FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP AC032688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP AC03316A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 4 Bytes JMP AC032C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP AC032EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F600 4 Bytes JMP AC032670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5466 BF8649DE 4 Bytes JMP AC033A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 4 Bytes JMP AC032CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 4 Bytes JMP AC032E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E66 4 Bytes JMP AC033182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF894410 4 Bytes JMP AC033BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894EE8 4 Bytes JMP AC033E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C29E 4 Bytes JMP AC033090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D833 4 Bytes JMP AC032834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP AC032944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA15D 4 Bytes JMP AC032A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP AC032B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 4 Bytes JMP AC03256A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 4 Bytes JMP AC0330C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP AC032760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF914FD5 4 Bytes JMP AC0328F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP AC032FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP AC033D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Carolyn\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe[344] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Online Armor\OAcat.exe[1364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Online Armor\OAcat.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Online Armor\oasrv.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Online Armor\oasrv.exe[1376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Online Armor\oasrv.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Online Armor\oasrv.exe[1376] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A4000A
    .text C:\Program Files\Online Armor\oasrv.exe[1376] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF000A
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1876] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01811014
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01810804
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01810A08
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01810C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01810E10
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 018101F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 018103FC
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01810600
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012F0804
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 012F0A08
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 012F0600
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 012F01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 012F03FC
    .text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3452] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\sua.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Secunia\PSI\sua.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Secunia\PSI\sua.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Secunia\PSI\sua.exe[3484] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[17212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\winlogon.exe[17212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[17212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\winlogon.exe[17212] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004A1014
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004A0804
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004A0A08
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004A0C0C
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004A0E10
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004A01F8
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004A03FC
    .text C:\WINDOWS\system32\winlogon.exe[17212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004A0600
    .text C:\WINDOWS\system32\winlogon.exe[17212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F80804
    .text C:\WINDOWS\system32\winlogon.exe[17212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00F80A08
    .text C:\WINDOWS\system32\winlogon.exe[17212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00F80600
    .text C:\WINDOWS\system32\winlogon.exe[17212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00F801F8
    .text C:\WINDOWS\system32\winlogon.exe[17212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00F803FC
    .text C:\WINDOWS\system32\csrss.exe[21320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[21320] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [5C, 71]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [5F, 71]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7166000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7163000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DF0804
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00DF0A08
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00DF0600
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00DF01F8
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00DF03FC
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00CB1014
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00CB0804
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00CB0A08
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00CB0C0C
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00CB0E10
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00CB01F8
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CB03FC
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00CB0600
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7169000A
    .text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[21776] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A4000A
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BD0804
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF000A
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BD0A08
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BD0600
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BD01F8
    .text C:\Program Files\Online Armor\OAhlp.exe[22956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BD03FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [67, 71]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [6A, 71] {PUSH 0x71}
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7171000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716E000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 718C000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7189000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [82, 71]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7186000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 717A000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7177000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7180000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717D000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7174000A
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[23008] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [65, 71]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [68, 71]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7172000A
    .text C:\Program Files\ConsumerSoft\My Faster PC\MFPCReminder.exe[23128] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [65, 71]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [68, 71]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A61014
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A60804
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A60A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A60C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A60E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A601F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A603FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A60600
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02940804
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 02940A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 02940600
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 029401F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 029403FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 7157000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!select 71AB30A8 6 Bytes JMP 7154000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 7163000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 7151000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 7160000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!send 71AB4C27 6 Bytes JMP 715A000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 7145000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!recv 71AB676F 6 Bytes JMP 7149000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 7142000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 714E000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 713C000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7172000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[23644] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [65, 71]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [68, 71]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01000804
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01000A08
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01000600
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 010001F8
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 010003FC
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00FC1014
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00FC0804
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00FC0A08
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00FC0C0C
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00FC0E10
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00FC01F8
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00FC03FC
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!DeleteService 77E374B1 3 Bytes JMP 00FC0600
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] ADVAPI32.dll!DeleteService + 4 77E374B5 1 Byte [89]
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 7157000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!select 71AB30A8 6 Bytes JMP 7154000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 7163000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 7151000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 7160000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!send 71AB4C27 6 Bytes JMP 715A000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 7145000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!recv 71AB676F 6 Bytes JMP 7149000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 7142000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 714E000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 713C000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7172000A
    .text C:\Documents and Settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe[23884] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [65, 71]
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [68, 71]
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[23888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
    .text C:\WINDOWS\Explorer.EXE[23888] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\Explorer.EXE[23888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\Explorer.EXE[23888] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\WINDOWS\Explorer.EXE[23888] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\WINDOWS\Explorer.EXE[23888] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\WINDOWS\Explorer.EXE[23888] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01FC0804
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01FC0A08
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01FC0600
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01FC01F8
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01FC03FC
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\WINDOWS\Explorer.EXE[23888] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\WINDOWS\Explorer.EXE[23888] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7172000A
    .text C:\WINDOWS\Explorer.EXE[23888] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\WINDOWS\Explorer.EXE[23888] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Program Files\Online Armor\oaui.exe[23948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Online Armor\oaui.exe[23948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Online Armor\oaui.exe[23948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Online Armor\oaui.exe[23948] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Online Armor\oaui.exe[23948] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Online Armor\oaui.exe[23948] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A4000A
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BD0804
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF000A
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BD0A08
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BD0600
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BD01F8
    .text C:\Program Files\Online Armor\oaui.exe[23948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BD03FC
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [5C, 71]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [5F, 71]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7166000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7163000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AA1014
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AA0804
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AA0A08
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AA0C0C
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AA0E10
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AA01F8
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AA03FC
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AA0600
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B00804
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00B00A08
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00B00600
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00B001F8
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00B003FC
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] USER32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7169000A
    .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[24476] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!NtAcceptConnectPort 7C90CE5E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!NtAcceptConnectPort + 4 7C90CE62 2 Bytes [65, 71]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [68, 71]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A1000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A4000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [80, 71]
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C60804
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C60A08
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C60600
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C601F8
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C603FC
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719E000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 7184000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7178000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 7175000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 717E000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 717B000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!InitiateSystemShutdownW 77E34C51 6 Bytes JMP 7198000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!InitiateSystemShutdownExW 77E34CE5 6 Bytes JMP 7192000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!InitiateSystemShutdownA 77E34D7F 6 Bytes JMP 719B000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!InitiateSystemShutdownExA 77E34E1A 6 Bytes JMP 7195000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B11014
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B10804
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B10A08
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B10C0C
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B10E10
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B101F8
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B103FC
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00B10600
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] NETAPI32.dll!NetScheduleJobAdd 5B8981F5 6 Bytes JMP 7172000A
    .text C:\Documents and Settings\Carolyn\Desktop\owv3vrwj.exe[26116] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 718F000A

    ---- EOF - GMER 2.0 ----
     
  7. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    Still need help! I know everyone is busy and I've been waiting patiently but my computer is still having some issues. It never lets me shut it down or restart and is still freezing up on me every now and then. If anyone could help I would much appreciate it. It's been over a week since I first posted. Thanks so much.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,373
    First Name:
    Kevin
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  9. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    Ok, so I ran the ComboFix.exe with no problems and my computer rebooted. Before ComboFix ran I disabled my anti-virus software and also I have Online Armor, so I disabled that as well. But after my system rebooted before everything even started up I got an error window saying "C:\ComboFix\CF7717.3XE - Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." So I clicked "OK" and then after everything started up I saw that Online Armor had not let the file run until I Allowed it to do so. So I clicked allow but I'm not sure if it created that txt file. I looked in C:\ and did not see the ComboFix.txt file. Also, for some reason my wireless connection will not connect. So I tried to restart my computer but of course it is not restarting again. So I'm on another computer right now, wasn't sure what I should do next.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,373
    First Name:
    Kevin
    When Combofix is run it will disconnect the internet connection as part of its normal routine, that connection is reinstated as the scan progresses. If your Firewall (Online Armor) stops critical CF components there will be issues such as you're experiencing now.
    If you look back at the instructions you will note this link:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    If you access that link, scroll to the bottom you will see what should be done if the connection is lost. Can you do that please, let me know if the connection is restored...

    Also navigate here C:\QooBox\ComboFix-quarantined-files.txt post the contents of that file..

    Kevin...
     
  11. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    Ok, so I followed the instructions and I'm still not getting an internet connection. I first restarted and the good news is the ComboFix.txt report was created. So I'll paste that below as well as the quarantine list. But for my internet connection, I was not able to get it to work even after doing the repair several times.

    ComboFix.txt:
    --------------------------------------------------------
    ComboFix 13-02-07.01 - Carolyn 02/07/2013 15:43:55.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2295 [GMT -8:00]
    Running from: c:\documents and settings\Carolyn\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\wpcap.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-07 01:57 . 2013-02-07 01:57 -------- d-----w- c:\documents and settings\Carolyn\Local Settings\Application Data\IsolatedStorage
    2013-02-07 01:57 . 2013-02-07 01:57 -------- d-----w- c:\documents and settings\Carolyn\Local Settings\Application Data\Intuit
    2013-02-07 01:56 . 2013-02-07 01:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
    2013-02-07 01:56 . 2013-02-07 01:56 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Intuit
    2013-02-07 01:54 . 2013-02-07 01:54 -------- d-----w- c:\program files\Common Files\Intuit
    2013-02-07 01:53 . 2013-02-07 01:53 -------- d-----w- c:\program files\TurboTax
    2013-02-07 01:47 . 2013-02-07 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2013-02-01 00:26 . 2013-02-01 01:13 -------- d-----w- C:\Fonts
    2013-01-27 20:38 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-01-27 20:38 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-01-27 20:37 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-01-27 20:37 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-01-27 20:37 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-27 20:37 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2013-01-27 20:37 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2013-01-27 20:37 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2013-01-27 20:37 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-27 20:37 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-01-27 20:36 . 2013-01-27 20:36 -------- d-----w- c:\program files\AVAST Software
    2013-01-27 20:36 . 2013-01-27 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2013-01-20 22:19 . 2013-01-20 22:20 -------- d-----w- c:\documents and settings\Carolyn Lee\Application Data\.minecraft
    2013-01-14 01:14 . 2013-01-14 01:14 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
    2013-01-14 01:14 . 2013-01-14 01:14 -------- d-----w- c:\program files\Solveig Multimedia
    2013-01-14 01:09 . 2013-01-14 01:09 -------- d-----w- c:\documents and settings\Carolyn Lee\Local Settings\Application Data\WMTools Downloaded Files
    2013-01-14 01:04 . 2013-01-23 01:42 -------- d-----w- c:\documents and settings\Carolyn Lee\Application Data\vlc
    2013-01-14 01:03 . 2013-01-14 01:03 -------- d-----w- c:\program files\VideoLAN
    2013-01-13 04:24 . 2013-01-13 04:24 -------- d-----w- c:\program files\iPod
    2013-01-13 04:23 . 2013-01-13 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-13 04:23 . 2013-01-13 04:24 -------- d-----w- c:\program files\iTunes
    2013-01-13 04:12 . 2013-01-13 04:12 -------- d-----w- c:\documents and settings\Carolyn\Application Data\ConsumerSoft
    2013-01-13 04:12 . 2013-01-13 04:12 -------- d-----w- c:\program files\ConsumerSoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-14 16:48 . 2013-01-14 16:48 10 ----a-w- c:\windows\Fonts\wfonts.key
    2012-12-16 21:44 . 2012-12-16 21:44 83760 ------w- c:\windows\system32\stkMonitor.dll
    2012-12-16 12:23 . 2004-08-11 23:00 290560 ------w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25 . 2004-08-11 23:00 1866368 ------w- c:\windows\system32\win32k.sys
    2012-11-29 08:27 . 2012-12-24 06:17 262112 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ------w- c:\documents and settings\Carolyn\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ------w- c:\documents and settings\Carolyn\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ------w- c:\documents and settings\Carolyn\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ------w- c:\documents and settings\Carolyn\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
    "My Faster PC"="c:\program files\ConsumerSoft\My Faster PC\mfpchelper.exe" [2012-07-05 1238440]
    "DefragReminder"="c:\program files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe" [2012-07-05 919464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-10-04 2415104]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
    "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    c:\documents and settings\Carolyn Lee\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\documents and settings\Carolyn\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Carolyn\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-04 366440]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WNDA3100v2 Smart Wizard.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
    backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-12-18 20:14 642816 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-12-19 14:38 44280 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2012-04-02 05:00 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2007-07-17 01:48 69632 ------w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 22:13 59280 ------w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-09-25 15:12 90112 ------w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-24 13:03 17920 ------w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
    2011-05-03 09:18 487424 ------w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-03-27 17:37 116648 -----tw- c:\documents and settings\Carolyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 23:30 249856 ------w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-08-11 23:30 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 21:57 152544 ------w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 11:12 421888 ------w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-07-17 01:48 16132608 ------w- c:\windows\RTHDCPL.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Carolyn\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Documents and Settings\\Carolyn Lee\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/27/2013 12:37 PM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/27/2013 12:38 PM 361032]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/27/2012 4:49 PM 208320]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/27/2012 4:49 PM 27648]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/27/2012 4:49 PM 31920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/27/2013 12:38 PM 21256]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
    R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [11/11/2011 5:33 PM 371856]
    R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3/27/2012 4:49 PM 216072]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 12:46 AM 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 12:46 AM 681056]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [3/27/2012 9:29 AM 632576]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3/27/2012 4:49 PM 44992]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\OAsrv.exe [3/27/2012 4:49 PM 4463864]
    S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [3/27/2012 9:29 AM 278528]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 288112]
    S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [11/8/2011 3:40 AM 217600]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2013-02-08 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-27 23:50]
    .
    2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2735878217-613473070-2586340739-1005Core.job
    - c:\documents and settings\Carolyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-27 17:37]
    .
    2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2735878217-613473070-2586340739-1005UA.job
    - c:\documents and settings\Carolyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-27 17:37]
    .
    2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2735878217-613473070-2586340739-1007Core.job
    - c:\documents and settings\Carolyn Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-29 18:36]
    .
    2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2735878217-613473070-2586340739-1007UA.job
    - c:\documents and settings\Carolyn Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-29 18:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080121
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    Trusted Zone: cleverreach.com\novastor
    Trusted Zone: google-analytics.com
    Trusted Zone: novastor.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
    AddRemove-{8EA79DBF-D637-448A-89D6-410A087A4493} - c:\program files\InstallShield Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-08 10:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(720)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(1060)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Carolyn\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\ConsumerSoft\My Faster PC\MFPCReminder.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-08 10:24:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-08 18:24
    .
    Pre-Run: 215,436,853,248 bytes free
    Post-Run: 218,361,528,320 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5826219F3A940B2D0CA2290FC6315EAC
     
  12. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    ComboFix-quarantined-files.txt:

    ------------------------------------------------------------------

    2013-02-08 18:24:03 . 2013-02-08 18:24:03 2,284 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8EA79DBF-D637-448A-89D6-410A087A4493}.reg.dat
    2013-02-08 18:23:51 . 2013-02-08 18:23:51 165 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-MSC.reg.dat
    2013-02-07 23:46:49 . 2013-02-07 23:46:49 2,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
    2013-02-07 23:46:38 . 2013-02-07 23:46:38 7,893 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2013-02-07 23:39:30 . 2013-02-07 23:39:30 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-03-27 17:29:44 . 2009-10-20 17:19:46 100,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
    2012-03-27 17:29:44 . 2009-10-20 17:19:54 281,104 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
    2012-03-27 17:29:44 . 2009-10-20 17:19:30 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
    2012-03-27 17:29:44 . 2009-10-20 17:19:44 50,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
    2008-01-21 16:59:57 . 2008-01-21 16:59:57 120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wininit.ini.vir
    2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
    2004-08-11 23:21:46 . 2004-08-11 23:21:48 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
    2004-08-11 23:21:46 . 2003-02-21 10:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
    2004-08-11 23:21:46 . 2003-02-21 01:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
    2004-08-11 23:21:46 . 2003-02-21 01:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
    2004-08-11 23:21:46 . 2003-02-21 01:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
    2004-08-11 23:21:46 . 2003-02-21 01:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
    2003-02-21 11:16:08 . 2003-02-21 11:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,373
    First Name:
    Kevin
    Select Start > right click on My Computer > select Manage > Device Manager. Scroll to and expand "Network Adapters", right click on the current adapter and select "Uninstall".

    Reboot your PC, is the connection restored?
     
  14. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    Nope that didn't work either.
     
  15. capescafe

    capescafe Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    193
    Now it's working...was a bit slow I guess. I have my internet back. Did you see anything in the logs from combofix?
     

Short URL to this thread: https://techguy.org/1087160
