Thanks for the reply, Salagubang.
I'm using an old computer; it's an Intel Pentium IV 1.5 GHz, 512 MB RAM, Windows XP, SP2.
Here's my OTL log.
OTL logfile created on: 4/17/2011 8:49:18 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
512.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 2.47 Gb Free Space | 13.26% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 3.87 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive F: | 573.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/17 20:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL (1).exe
PRC - [2011/04/13 08:51:02 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/05 23:53:47 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/08 19:29:55 | 003,250,664 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/05/24 15:24:10 | 000,275,456 | ---- | M] () -- D:\Games\ePSXe\ePSXe.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/04/17 20:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL (1).exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/02/23 23:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 21:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://slirsredirect...&query=facebook
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\TheChatPhone Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.thechatphone.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.4896
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.thecha...tphone.com/?q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 22:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 20:11:41 | 000,000,000 | ---D | M]
[2010/08/11 21:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Extensions
[2011/04/11 09:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions
[2011/01/13 20:14:55 | 000,000,000 | ---D | M] (TheChatPhone Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}
[2010/09/17 00:10:12 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/09/11 00:25:29 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/11 22:36:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/11 22:36:18 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\[email protected]
[2010/09/17 00:15:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\aol-search.xml
[2011/01/14 07:18:16 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\thechatphone-powered-by-google.xml
[2011/04/11 09:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 22:50:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/24 10:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/24 10:43:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/24 10:43:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2001/01/01 01:21:44 | 000,000,801 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-220523388-746137067-854245398-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/01/01 00:41:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\AutoRun\command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\Open\Command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\AutoRun\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Explore\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Open\command - "" = F:\siljo/kramponja.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.l3codec - C:\windows\System32\L3CODECP.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "gupdate"
MsConfig - Services: "QueryExplorer Service"
MsConfig - StartUpFolder: C:^Documents and Settings^Nelvin^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Nelvin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HBLiteSA - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
========== Files/Folders - Created Within 30 Days ==========
[2011/04/17 07:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
[2011/04/11 14:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/11 13:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\Unity
[2011/04/08 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Malwarebytes
[2011/04/08 15:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 15:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 15:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 15:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/08 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\Snagit
[2011/04/07 21:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snagit 9
[2011/04/07 21:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\TechSmith
[2011/04/05 22:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/04/05 22:50:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2011/04/05 22:50:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2011/04/05 22:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/02 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Globe Broadband
[2011/04/02 10:57:02 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/04/02 10:57:02 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/04/02 10:57:02 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2011/04/02 10:57:02 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/04/02 10:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2011/03/29 17:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\NBA LIVE 2005
[2011/03/19 07:59:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nelvin\Recent
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/17 20:25:36 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 18:55:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 18:25:03 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/17 16:45:04 | 000,186,097 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/04/17 16:44:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/17 16:44:23 | 536,469,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 07:33:48 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/17 02:05:52 | 000,054,272 | -H-- | M] () -- C:\Documents and Settings\Nelvin\My Documents\photothumb.db
[2011/04/15 23:31:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/15 03:35:59 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 18:26:54 | 000,000,081 | ---- | M] () -- C:\windows\System32\asr_lkxlkt
[2011/04/13 08:26:07 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/08 16:05:34 | 000,436,831 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:45 | 015,741,952 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:26 | 000,809,515 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:34:23 | 027,430,069 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/02 10:57:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/03/29 16:00:00 | 000,080,896 | ---- | M] () -- C:\windows\System32\ff_vfw.dll
[2011/03/29 16:00:00 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.ini
[2011/03/29 12:49:58 | 000,000,025 | ---- | M] () -- C:\windows\popcinfot.dat
[2011/03/25 03:35:18 | 000,243,200 | ---- | M] () -- C:\windows\System32\xvidvfw.dll
[2011/03/25 03:28:12 | 000,631,808 | ---- | M] () -- C:\windows\System32\xvidcore.dll
[2011/03/20 03:00:38 | 000,151,552 | ---- | M] (fccHandler) -- C:\windows\System32\ac3acm.acm
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/17 18:55:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 07:33:48 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/13 18:26:54 | 000,000,081 | ---- | C] () -- C:\windows\System32\asr_lkxlkt
[2011/04/08 16:05:44 | 000,436,831 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:05 | 015,741,952 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:24 | 000,809,515 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:28:17 | 027,430,069 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/05 22:51:16 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/04/05 22:50:36 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/05 22:50:35 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/04/05 22:50:27 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/04/02 10:57:48 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/02/19 15:53:19 | 000,210,456 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2011/02/19 15:53:19 | 000,206,360 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2011/02/19 15:53:19 | 000,194,072 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2011/02/19 15:53:19 | 000,026,136 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2011/02/06 08:56:40 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/17 18:55:30 | 000,000,004 | ---- | C] () -- C:\windows\msoffice.ini
[2010/10/04 22:53:34 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/09/09 22:54:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/08/21 19:25:21 | 000,000,025 | ---- | C] () -- C:\windows\popcinfot.dat
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 20:00:00 | 000,311,604 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 20:00:00 | 000,039,992 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2001/01/01 08:25:18 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2001/01/01 08:22:17 | 000,322,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/01/01 08:06:06 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/01/01 07:52:38 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2001/01/01 00:50:58 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2001/01/01 00:50:16 | 000,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2001/01/01 00:45:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2001/01/01 00:37:09 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
========== LOP Check ==========
[2011/03/15 01:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2001/01/01 01:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/19 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/10 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/14 09:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/07 21:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/19 15:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/17 00:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/17 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2010/08/17 09:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Gearbox Software
[2011/02/19 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Kalydo
[2010/10/12 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\LimeWire
[2010/09/26 03:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\PhotoScape
[2011/02/18 18:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Rovio
[2011/01/13 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Toolbar4
[2011/02/19 16:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Ulead Systems
[2011/04/11 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/17 20:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
Here's Extras.txt
OTL Extras logfile created on: 4/12/2011 7:17:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
512.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 4.90 Gb Free Space | 26.29% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 1.11 Gb Free Space | 5.98% Space Free | Partition Type: NTFS
Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"D:\Games\Earned\System\EiB.exe" = D:\Games\Earned\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\aol\1284653305\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1284653305\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"D:\Games\Doom3\Doom 3\DOOM3DED.exe" = D:\Games\Doom3\Doom 3\DOOM3DED.exe:*:Enabled:DOOM 3
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{28CC29B1-2F66-4671-0081-651745DB4A2E}" = NBA LIVE 2005
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CES 4.1" = CES 4.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Globe Broadband" = Globe Broadband
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"RaidenII" = RaidenII (Remove only, requires CD)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TheChatPhone Toolbar" = TheChatPhone Toolbar
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"KalydoPlayer" = Kalydo Player 3.09.00
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/3/2011 4:37:32 AM | Computer Name = NELVINPC | Source = Application Hang | ID = 1002
Description = Hanging application ePSXe.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/5/2011 12:08:38 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2180, fault address 0x000187ad.
Error - 4/5/2011 9:14:17 AM | Computer Name = NELVINPC | Source = Application Hang | ID = 1002
Description = Hanging application ePSXe.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/6/2011 10:28:37 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.
Error - 4/7/2011 10:22:45 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application vstudio.exe, version 11.0.0.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x00030264.
Error - 4/8/2011 1:18:33 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0xf6330875.
Error - 4/8/2011 1:52:06 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application vstudio.exe, version 11.0.0.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x000270d7.
Error - 4/9/2011 8:07:12 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.
Error - 4/9/2011 12:33:57 PM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.
Error - 4/9/2011 12:39:17 PM | Computer Name = NELVINPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
[ OSession Events ]
Error - 9/20/2010 5:54:01 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 483
seconds with 420 seconds of active time. This session ended with a crash.
Error - 9/20/2010 5:54:38 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/20/2010 5:55:37 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/3/2010 4:50:37 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 9297 seconds with 1860 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 4/4/2011 10:23:27 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 4/4/2011 10:23:27 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 4/5/2011 12:09:58 AM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 4/6/2011 10:30:06 AM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 4/9/2011 12:39:02 PM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).
Error - 4/9/2011 12:39:05 PM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.
Error - 4/12/2011 5:02:20 AM | Computer Name = NELVINPC | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
< End of report >
Here's my GMER log.
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-17 21:39:57
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_SV4012H rev.RM100-05
Running: gmer.exe; Driver: C:\DOCUME~1\Nelvin\LOCALS~1\Temp\pxdcqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5EA59CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5EFAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF5EC5AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF5EA7EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF5EA7F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF5EA801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF5EC54A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF5EA7E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF5EA7F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF5EA7E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF5EA7FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF5EA59EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF5EC61BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF5EC6471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF5EA829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF5EC6026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF5EC5E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF5EFAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF5EA57B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF5EA5A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF5EA8412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5EA64AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF5EA7EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF5EA7F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF5EA8044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF5EC5805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF5EA7E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF5EA80D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF5EA7F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF5EA7E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF5EA81BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF5EA7FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5EFABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF5EC5D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF5EA6370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF5EC5B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5F02E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF5EC4B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF5EA5A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF5EA5A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5EA5812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF5EA594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF5EC62C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF5EA592A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF5EA5972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF5EA5A7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF5F0F8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + DB 804E2DAC 8 Bytes JMP EA7F04F5
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 8 Bytes JMP EA7E56F5
.text ntoskrnl.exe!_abnormal_termination + 20B 804E2EDC 8 Bytes JMP EA64AAF5
.text ntoskrnl.exe!_abnormal_termination + 217 804E2EE8 8 Bytes JMP EA7F2CF5
.text ntoskrnl.exe!_abnormal_termination + 243 804E2F14 8 Bytes JMP EA7E84F5
.text ...
PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP F5F0CD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056A5DC 4 Bytes CALL F5EA6E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP F5F0F8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP F5F0B29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7818360, 0x37388D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\windows\SOUNDMAN.EXE[428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\windows\SOUNDMAN.EXE[428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003A00A8
.text C:\windows\system32\RUNDLL32.EXE[572] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\RUNDLL32.EXE[572] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A0030
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A006C
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A00E4
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0120
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A00A8
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\system32\ctfmon.exe[608] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A0030
.text C:\windows\system32\ctfmon.exe[608] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A006C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\Program Files\uTorrent\uTorrent.exe[624] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00330030
.text C:\Program Files\uTorrent\uTorrent.exe[624] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0033006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 006701D4
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 006700E4
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00670120
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0067015C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00670198
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00670030
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0067006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 006700A8
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00680030
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0068006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 006800E4
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00680120
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 006800A8
.text C:\windows\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00070030
.text C:\windows\system32\winlogon.exe[652] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0007006C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\winlogon.exe[652] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\winlogon.exe[652] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\services.exe[696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\services.exe[696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\services.exe[696] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\services.exe[696] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\services.exe[696] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\services.exe[696] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\services.exe[696] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\lsass.exe[708] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\lsass.exe[708] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[860] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[860] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[904] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003900A8
.text C:\windows\Explorer.EXE[1348] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\Explorer.EXE[1348] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\Explorer.EXE[1348] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\Explorer.EXE[1348] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00170030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0017006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003F0030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003F006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003F00E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003F0120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003F00A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 005001D4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 005000E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00500120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0050015C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00500198
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00500030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0050006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 005000A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0038006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003800E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003800A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\windows\system32\nvsvc32.exe[1716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\windows\system32\nvsvc32.exe[1716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\windows\system32\spoolsv.exe[1840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\spoolsv.exe[1840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003E0030
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003E006C
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003E00E4
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003E0120
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003E00A8
.text C:\windows\system32\wscntfy.exe[3168] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\wscntfy.exe[3168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002D01D4
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002D00E4
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002D0120
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002D015C
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002D0198
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002D0030
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002D006C
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002D00A8
.text D:\Games\ePSXe\ePSXe.exe[3248] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text D:\Games\ePSXe\ePSXe.exe[3248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003A0030
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003A006C
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003A00E4
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003A0120
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003A00A8
.text C:\windows\System32\alg.exe[3480] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\System32\alg.exe[3480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A0030
.text C:\windows\System32\alg.exe[3480] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A006C
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A00E4
.text C:\windows\System32\alg.exe[3480] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0120
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A00A8
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----