Win32:Confi[Wrm] & Win32:Rootkit-gen[Rtk]


#1 ironvin (Member, 15 posts)
Hi, I'm new to this forum and first of all please excuse me for my English. :D

My Avast AV keeps detecting these viruses...
Win32:Confi[Wrm] & Win32:Rootkit-gen[Rtk]
and it keeps detecting them every time I connect my PC to the internet, popping up like every 5 mins or so.
I think my AV is successfully blocking it from totally infecting my computer, but I can't delete it.
I already ran a full system scan using my AV and MBAM. It detected 100+ viruses (with the same virus names) and successfully moved them to the chest, but the virus is still there.

Its location and file name is C:\windows\system32\x
for both viruses. Its process is svchost.exe.

** HERE'S MY OTL LOG **

OTL logfile created on: 4/12/2011 7:17:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 4.90 Gb Free Space | 26.29% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 1.11 Gb Free Space | 5.98% Space Free | Partition Type: NTFS

Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 15:10:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL.exe
PRC - [2011/04/05 23:53:47 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/24 01:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 15:10:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL.exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 21:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://slirsredirect...&query=facebook
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\TheChatPhone Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.thechatphone.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.4896
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.thecha...tphone.com/?q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 22:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 20:11:41 | 000,000,000 | ---D | M]

[2010/08/11 21:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Extensions
[2011/04/11 09:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions
[2011/01/13 20:14:55 | 000,000,000 | ---D | M] (TheChatPhone Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}
[2010/09/17 00:10:12 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/09/11 00:25:29 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/11 22:36:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/11 22:36:18 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\[email protected]
[2010/09/17 00:15:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\aol-search.xml
[2011/01/14 07:18:16 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\thechatphone-powered-by-google.xml
[2011/04/11 09:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 22:50:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/24 10:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/24 10:43:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/24 10:43:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/01/01 01:21:44 | 000,000,801 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/01/01 00:41:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\AutoRun\command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\Open\Command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\AutoRun\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Explore\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Open\command - "" = F:\siljo/kramponja.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 14:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/11 13:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\Unity
[2011/04/08 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Malwarebytes
[2011/04/08 15:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 15:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 15:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 15:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/08 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\Snagit
[2011/04/07 21:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snagit 9
[2011/04/07 21:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\TechSmith
[2011/04/05 22:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/04/05 22:50:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2011/04/05 22:50:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2011/04/05 22:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/02 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Globe Broadband
[2011/04/02 10:57:02 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/04/02 10:57:02 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/04/02 10:57:02 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2011/04/02 10:57:02 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/04/02 10:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2011/03/29 17:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\NBA LIVE 2005
[2011/03/29 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA SPORTS
[2011/03/19 07:59:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nelvin\Recent
[2011/03/15 01:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/12 19:25:05 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 18:25:04 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 11:19:28 | 000,186,097 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/04/12 11:18:49 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/12 11:18:47 | 536,469,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 01:31:06 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 19:31:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/08 16:05:34 | 000,436,831 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:45 | 015,741,952 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:26 | 000,809,515 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:34:23 | 027,430,069 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/06 08:26:03 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/02 10:57:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/03/29 17:27:56 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NBA LIVE 2005.lnk
[2011/03/29 16:00:00 | 000,080,896 | ---- | M] () -- C:\windows\System32\ff_vfw.dll
[2011/03/29 16:00:00 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.ini
[2011/03/29 12:49:58 | 000,000,025 | ---- | M] () -- C:\windows\popcinfot.dat
[2011/03/25 03:35:18 | 000,243,200 | ---- | M] () -- C:\windows\System32\xvidvfw.dll
[2011/03/25 03:28:12 | 000,631,808 | ---- | M] () -- C:\windows\System32\xvidcore.dll
[2011/03/20 03:00:38 | 000,151,552 | ---- | M] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2011/03/17 18:51:00 | 000,000,080 | ---- | M] () -- C:\windows\System32\asr_qxpsi
[2011/03/15 01:43:14 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2011/03/14 19:52:17 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.exe.lnk
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 16:05:44 | 000,436,831 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:05 | 015,741,952 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:24 | 000,809,515 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:28:17 | 027,430,069 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/05 22:51:16 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/04/05 22:50:36 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/05 22:50:35 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/04/05 22:50:27 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/04/02 10:57:48 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/03/29 17:27:56 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NBA LIVE 2005.lnk
[2011/03/17 18:51:00 | 000,000,080 | ---- | C] () -- C:\windows\System32\asr_qxpsi
[2011/03/15 01:43:14 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2011/03/14 19:52:17 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.exe.lnk
[2011/02/19 15:53:19 | 000,210,456 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2011/02/19 15:53:19 | 000,206,360 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2011/02/19 15:53:19 | 000,194,072 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2011/02/19 15:53:19 | 000,026,136 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2011/02/06 08:56:40 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/17 18:55:30 | 000,000,004 | ---- | C] () -- C:\windows\msoffice.ini
[2010/10/04 22:53:34 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/09/09 22:54:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/08/21 19:25:21 | 000,000,025 | ---- | C] () -- C:\windows\popcinfot.dat
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 20:00:00 | 000,311,604 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 20:00:00 | 000,039,992 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2001/01/01 08:25:18 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2001/01/01 08:22:17 | 000,322,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/01/01 08:06:06 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/01/01 07:52:38 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2001/01/01 00:50:58 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2001/01/01 00:50:16 | 000,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2001/01/01 00:45:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2001/01/01 00:37:09 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

========== LOP Check ==========

[2011/03/15 01:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2001/01/01 01:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/19 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/10 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/14 09:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/07 21:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/19 15:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/17 00:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/17 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2010/08/17 09:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Gearbox Software
[2011/02/19 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Kalydo
[2010/10/12 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\LimeWire
[2010/09/26 03:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\PhotoScape
[2011/02/18 18:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Rovio
[2011/01/13 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Toolbar4
[2011/02/19 16:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Ulead Systems
[2011/04/11 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/12 19:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

#2 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi ironvin,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

Do you still need assistance?

#3 ironvin (Topic Starter, Member, 15 posts)
Finally, yes, I still need help. Waiting for your instructions.
BTW, I believe we're both Filipino here. :D

#4 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
We need some fresh logs. Also, can you tell me the make and model of the machine we're working on?

Step One

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Step Two

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#5 ironvin (Topic Starter, Member, 15 posts)
Thanks for the reply, Salagubang.

I'm using an old computer: it's an Intel Pentium IV 1.5GHz, 512MB RAM, Windows XP SP2.
Here's my OTL log.

OTL logfile created on: 4/17/2011 8:49:18 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 2.47 Gb Free Space | 13.26% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 3.87 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive F: | 573.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/17 20:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL (1).exe
PRC - [2011/04/13 08:51:02 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/05 23:53:47 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/08 19:29:55 | 003,250,664 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/05/24 15:24:10 | 000,275,456 | ---- | M] () -- D:\Games\ePSXe\ePSXe.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/17 20:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL (1).exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/02/23 23:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 21:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://slirsredirect...&query=facebook
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\TheChatPhone Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKU\S-1-5-21-220523388-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.thechatphone.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.4896
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.thecha...tphone.com/?q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 22:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 20:11:41 | 000,000,000 | ---D | M]

[2010/08/11 21:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Extensions
[2011/04/11 09:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions
[2011/01/13 20:14:55 | 000,000,000 | ---D | M] (TheChatPhone Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}
[2010/09/17 00:10:12 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/09/11 00:25:29 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/11 22:36:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/11 22:36:18 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\[email protected]
[2010/09/17 00:15:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\aol-search.xml
[2011/01/14 07:18:16 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\thechatphone-powered-by-google.xml
[2011/04/11 09:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 22:50:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/24 10:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/24 10:43:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/24 10:43:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/01/01 01:21:44 | 000,000,801 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-220523388-746137067-854245398-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-220523388-746137067-854245398-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/01/01 00:41:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\AutoRun\command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\Open\Command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\AutoRun\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Explore\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Open\command - "" = F:\siljo/kramponja.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.l3codec - C:\windows\System32\L3CODECP.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)

MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "gupdate"
MsConfig - Services: "QueryExplorer Service"
MsConfig - StartUpFolder: C:^Documents and Settings^Nelvin^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Nelvin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HBLiteSA - hkey= - key= - File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 07:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
[2011/04/11 14:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/11 13:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\Unity
[2011/04/08 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Malwarebytes
[2011/04/08 15:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 15:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 15:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 15:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/08 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\Snagit
[2011/04/07 21:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snagit 9
[2011/04/07 21:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\TechSmith
[2011/04/05 22:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/04/05 22:50:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2011/04/05 22:50:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2011/04/05 22:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/02 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Globe Broadband
[2011/04/02 10:57:02 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/04/02 10:57:02 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/04/02 10:57:02 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2011/04/02 10:57:02 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/04/02 10:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2011/03/29 17:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\NBA LIVE 2005
[2011/03/19 07:59:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nelvin\Recent
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/17 20:25:36 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 18:55:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 18:25:03 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/17 16:45:04 | 000,186,097 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/04/17 16:44:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/17 16:44:23 | 536,469,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 07:33:48 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/17 02:05:52 | 000,054,272 | -H-- | M] () -- C:\Documents and Settings\Nelvin\My Documents\photothumb.db
[2011/04/15 23:31:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/15 03:35:59 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 18:26:54 | 000,000,081 | ---- | M] () -- C:\windows\System32\asr_lkxlkt
[2011/04/13 08:26:07 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/08 16:05:34 | 000,436,831 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:45 | 015,741,952 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:26 | 000,809,515 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:34:23 | 027,430,069 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/02 10:57:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/03/29 16:00:00 | 000,080,896 | ---- | M] () -- C:\windows\System32\ff_vfw.dll
[2011/03/29 16:00:00 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.ini
[2011/03/29 12:49:58 | 000,000,025 | ---- | M] () -- C:\windows\popcinfot.dat
[2011/03/25 03:35:18 | 000,243,200 | ---- | M] () -- C:\windows\System32\xvidvfw.dll
[2011/03/25 03:28:12 | 000,631,808 | ---- | M] () -- C:\windows\System32\xvidcore.dll
[2011/03/20 03:00:38 | 000,151,552 | ---- | M] (fccHandler) -- C:\windows\System32\ac3acm.acm
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/17 18:55:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 07:33:48 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/13 18:26:54 | 000,000,081 | ---- | C] () -- C:\windows\System32\asr_lkxlkt
[2011/04/08 16:05:44 | 000,436,831 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:05 | 015,741,952 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:24 | 000,809,515 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:28:17 | 027,430,069 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/05 22:51:16 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/04/05 22:50:36 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/05 22:50:35 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/04/05 22:50:27 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/04/02 10:57:48 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/02/19 15:53:19 | 000,210,456 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2011/02/19 15:53:19 | 000,206,360 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2011/02/19 15:53:19 | 000,194,072 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2011/02/19 15:53:19 | 000,026,136 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2011/02/06 08:56:40 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/17 18:55:30 | 000,000,004 | ---- | C] () -- C:\windows\msoffice.ini
[2010/10/04 22:53:34 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/09/09 22:54:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/08/21 19:25:21 | 000,000,025 | ---- | C] () -- C:\windows\popcinfot.dat
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 20:00:00 | 000,311,604 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 20:00:00 | 000,039,992 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2001/01/01 08:25:18 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2001/01/01 08:22:17 | 000,322,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/01/01 08:06:06 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/01/01 07:52:38 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2001/01/01 00:50:58 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2001/01/01 00:50:16 | 000,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2001/01/01 00:45:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2001/01/01 00:37:09 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

========== LOP Check ==========

[2011/03/15 01:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2001/01/01 01:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/19 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/10 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/14 09:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/07 21:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/19 15:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/17 00:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/17 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2010/08/17 09:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Gearbox Software
[2011/02/19 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Kalydo
[2010/10/12 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\LimeWire
[2010/09/26 03:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\PhotoScape
[2011/02/18 18:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Rovio
[2011/01/13 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Toolbar4
[2011/02/19 16:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Ulead Systems
[2011/04/11 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/17 20:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nelvin\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

Here's Extras.txt

OTL Extras logfile created on: 4/12/2011 7:17:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 4.90 Gb Free Space | 26.29% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 1.11 Gb Free Space | 5.98% Space Free | Partition Type: NTFS

Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"D:\Games\Earned\System\EiB.exe" = D:\Games\Earned\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\aol\1284653305\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1284653305\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"D:\Games\Doom3\Doom 3\DOOM3DED.exe" = D:\Games\Doom3\Doom 3\DOOM3DED.exe:*:Enabled:DOOM 3


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28CC29B1-2F66-4671-0081-651745DB4A2E}" = NBA LIVE 2005
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CES 4.1" = CES 4.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Globe Broadband" = Globe Broadband
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"RaidenII" = RaidenII (Remove only, requires CD)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TheChatPhone Toolbar" = TheChatPhone Toolbar
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"KalydoPlayer" = Kalydo Player 3.09.00
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2011 4:37:32 AM | Computer Name = NELVINPC | Source = Application Hang | ID = 1002
Description = Hanging application ePSXe.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2011 12:08:38 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2180, fault address 0x000187ad.

Error - 4/5/2011 9:14:17 AM | Computer Name = NELVINPC | Source = Application Hang | ID = 1002
Description = Hanging application ePSXe.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2011 10:28:37 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.

Error - 4/7/2011 10:22:45 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application vstudio.exe, version 11.0.0.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x00030264.

Error - 4/8/2011 1:18:33 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0xf6330875.

Error - 4/8/2011 1:52:06 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application vstudio.exe, version 11.0.0.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x000270d7.

Error - 4/9/2011 8:07:12 AM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.

Error - 4/9/2011 12:33:57 PM | Computer Name = NELVINPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.

Error - 4/9/2011 12:39:17 PM | Computer Name = NELVINPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ OSession Events ]
Error - 9/20/2010 5:54:01 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 483
seconds with 420 seconds of active time. This session ended with a crash.

Error - 9/20/2010 5:54:38 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/20/2010 5:55:37 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/3/2010 4:50:37 AM | Computer Name = NELVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 9297 seconds with 1860 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/4/2011 10:15:05 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/4/2011 10:23:27 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/4/2011 10:23:27 AM | Computer Name = NELVINPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/5/2011 12:09:58 AM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/6/2011 10:30:06 AM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/9/2011 12:39:02 PM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 4/9/2011 12:39:05 PM | Computer Name = NELVINPC | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 4/12/2011 5:02:20 AM | Computer Name = NELVINPC | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

Here's my GMER log.

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-17 21:39:57
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_SV4012H rev.RM100-05
Running: gmer.exe; Driver: C:\DOCUME~1\Nelvin\LOCALS~1\Temp\pxdcqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5EA59CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5EFAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF5EC5AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF5EA7EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF5EA7F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF5EA801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF5EC54A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF5EA7E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF5EA7F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF5EA7E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF5EA7FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF5EA59EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF5EC61BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF5EC6471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF5EA829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF5EC6026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF5EC5E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF5EFAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF5EA57B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF5EA5A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF5EA8412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5EA64AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF5EA7EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF5EA7F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF5EA8044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF5EC5805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF5EA7E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF5EA80D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF5EA7F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF5EA7E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF5EA81BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF5EA7FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5EFABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF5EC5D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF5EA6370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF5EC5B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5F02E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF5EC4B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF5EA5A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF5EA5A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5EA5812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF5EA594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF5EC62C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF5EA592A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF5EA5972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF5EA5A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF5F0F8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + DB 804E2DAC 8 Bytes JMP EA7F04F5
.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 8 Bytes JMP EA7E56F5
.text ntoskrnl.exe!_abnormal_termination + 20B 804E2EDC 8 Bytes JMP EA64AAF5
.text ntoskrnl.exe!_abnormal_termination + 217 804E2EE8 8 Bytes JMP EA7F2CF5
.text ntoskrnl.exe!_abnormal_termination + 243 804E2F14 8 Bytes JMP EA7E84F5
.text ...
PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP F5F0CD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056A5DC 4 Bytes CALL F5EA6E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP F5F0F8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP F5F0B29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7818360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\SOUNDMAN.EXE[428] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\windows\SOUNDMAN.EXE[428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
.text C:\windows\SOUNDMAN.EXE[428] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\windows\SOUNDMAN.EXE[428] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[440] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[516] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003A00A8
.text C:\windows\system32\RUNDLL32.EXE[572] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\RUNDLL32.EXE[572] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A0030
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A006C
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A00E4
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0120
.text C:\windows\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A00A8
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\system32\RUNDLL32.EXE[572] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\system32\ctfmon.exe[608] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A0030
.text C:\windows\system32\ctfmon.exe[608] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A006C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\system32\ctfmon.exe[608] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\system32\ctfmon.exe[608] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\Program Files\uTorrent\uTorrent.exe[624] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00330030
.text C:\Program Files\uTorrent\uTorrent.exe[624] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0033006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 006701D4
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 006700E4
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00670120
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0067015C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00670198
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00670030
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0067006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 006700A8
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00680030
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0068006C
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 006800E4
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00680120
.text C:\Program Files\uTorrent\uTorrent.exe[624] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 006800A8
.text C:\windows\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00070030
.text C:\windows\system32\winlogon.exe[652] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0007006C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\winlogon.exe[652] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\winlogon.exe[652] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\winlogon.exe[652] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\services.exe[696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\services.exe[696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\services.exe[696] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\services.exe[696] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\services.exe[696] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\services.exe[696] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\services.exe[696] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\services.exe[696] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\lsass.exe[708] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\lsass.exe[708] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\lsass.exe[708] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[860] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[860] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[860] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[904] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[904] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\System32\svchost.exe[984] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1276] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003900A8
.text C:\windows\Explorer.EXE[1348] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\Explorer.EXE[1348] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\Explorer.EXE[1348] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\Explorer.EXE[1348] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\Explorer.EXE[1348] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00170030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0017006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003F0030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003F006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003F00E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003F0120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003F00A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 005001D4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 005000E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00500120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0050015C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00500198
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00500030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0050006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 005000A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0038006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003800E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003800A8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1536] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text C:\windows\system32\nvsvc32.exe[1716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\windows\system32\nvsvc32.exe[1716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
.text C:\windows\system32\nvsvc32.exe[1716] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\windows\system32\nvsvc32.exe[1716] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\windows\system32\spoolsv.exe[1840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\spoolsv.exe[1840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A01D4
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A00E4
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0120
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A015C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0198
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A006C
.text C:\windows\system32\spoolsv.exe[1840] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A00A8
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
.text C:\windows\system32\spoolsv.exe[1840] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003801D4
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0038015C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380198
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2444] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003800A8
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003E0030
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003E006C
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003E00E4
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003E0120
.text C:\Documents and Settings\Nelvin\Desktop\gmer.exe[2660] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003E00A8
.text C:\windows\system32\wscntfy.exe[3168] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\wscntfy.exe[3168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C0030
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C006C
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C00E4
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0120
.text C:\windows\system32\wscntfy.exe[3168] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C00A8
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002D01D4
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002D00E4
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002D0120
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002D015C
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002D0198
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002D0030
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002D006C
.text C:\windows\system32\wscntfy.exe[3168] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002D00A8
.text D:\Games\ePSXe\ePSXe.exe[3248] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text D:\Games\ePSXe\ePSXe.exe[3248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003901D4
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003900E4
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390120
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 0039015C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390198
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00390030
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 0039006C
.text D:\Games\ePSXe\ePSXe.exe[3248] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003900A8
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003A0030
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003A006C
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003A00E4
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003A0120
.text D:\Games\ePSXe\ePSXe.exe[3248] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003A00A8
.text C:\windows\System32\alg.exe[3480] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\System32\alg.exe[3480] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A0030
.text C:\windows\System32\alg.exe[3480] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A006C
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A00E4
.text C:\windows\System32\alg.exe[3480] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0120
.text C:\windows\System32\alg.exe[3480] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A00A8
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B01D4
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B00E4
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0120
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B015C
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0198
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B006C
.text C:\windows\System32\alg.exe[3480] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B00A8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
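The GMER user-mode section above lists, per process, which exported API entry points have been patched and where the patched bytes now jump. What follows is an added example, not part of the original post and not GMER's own code: a small parser that turns those lines into structured records and splits the hooked APIs into ones present across many processes, which is the pattern a product-wide injection such as an antivirus self-protection module produces, versus ones found in only a single process, which an analyst should review individually. The sample lines are constructed by copying a handful of entries from the log; the grouping threshold (`min_processes`) and the helper names are assumptions of the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# A GMER 1.0.15 user-mode hook line has the shape
#   .text <image>[<pid>] <module>!<export>[ + <offset>] <address> <n> Byte(s) <patch>
# where <patch> is "JMP <target>", "CALL <target>" or a raw byte list such as "[E2]".
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"
    r"(?: \+ (?P<offset>[0-9A-Fa-f]+))? "
    r"(?P<address>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? (?P<patch>.+)$"
)

# Constructed sample: seven entries copied from the log above.
SAMPLE_GMER = r"""
.text C:\windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A0030
.text C:\windows\Explorer.EXE[1348] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\windows\Explorer.EXE[1348] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B0030
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1364] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
"""


@dataclass(frozen=True)
class Hook:
    image: str
    pid: int
    api: str               # "module!export"
    offset: int            # bytes past the export's entry point (0 = on the entry itself)
    address: int           # address of the patched bytes
    size: int              # number of patched bytes
    kind: str              # "JMP", "CALL" or "BYTES"
    target: Optional[int]  # jump/call destination, None for a raw byte patch


def parse_hooks(text):
    """Parse every GMER user-mode hook line in `text` into a Hook record."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = m["patch"].strip()
        kind, target = "BYTES", None
        for mnemonic in ("JMP", "CALL"):
            if patch.startswith(mnemonic + " "):
                kind = mnemonic
                target = int(patch.split()[1], 16)
                break
        hooks.append(Hook(
            image=m["image"],
            pid=int(m["pid"]),
            api=f'{m["module"]}!{m["export"]}',
            offset=int(m["offset"], 16) if m["offset"] else 0,
            address=int(m["address"], 16),
            size=int(m["size"]),
            kind=kind,
            target=target,
        ))
    return hooks


def hooks_per_process(hooks):
    """Map (image, pid) -> sorted list of hooked APIs in that process."""
    per = defaultdict(set)
    for h in hooks:
        per[(h.image, h.pid)].add(h.api)
    return {k: sorted(v) for k, v in per.items()}


def triage(hooks, min_processes=2):
    """Split hooked APIs by how many distinct processes carry them.

    APIs hooked in at least `min_processes` processes look like a product-wide
    injection (for example a security suite's self-protection module); APIs
    hooked in fewer processes deserve individual review. Returns the two
    groups as sorted lists of "module!export" names (widespread, single).
    """
    procs = defaultdict(set)
    for h in hooks:
        procs[h.api].add((h.image, h.pid))
    widespread = sorted(a for a, p in procs.items() if len(p) >= min_processes)
    single = sorted(a for a, p in procs.items() if len(p) < min_processes)
    return widespread, single


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_GMER)
    for proc, apis in hooks_per_process(found).items():
        print(proc, apis)
    print("widespread / single:", triage(found))
```

Run it on a whole GMER log by passing the file contents to `parse_hooks`. The grouping is only a first cut: the Devices section at the end of this log, which attributes the NTFS and TCP/IP filter drivers to avast, is the kind of corroboration that makes a uniform, widespread hook set plausible, whereas a hook that exists in one process only, or whose jump target sits outside any loaded module, is what an analyst follows up on.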

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi kabayan,

Looks like a worm infestation.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\AutoRun\command - "" = wscript.exe tumauini.vbs
    O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\Open\Command - "" = wscript.exe tumauini.vbs
    O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\AutoRun\command - "" = F:\siljo/kramponja.exe
    O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Explore\command - "" = F:\siljo/kramponja.exe
    O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Open\command - "" = F:\siljo/kramponja.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
On the first tab, select all elements down to Computer and then select start scan.
Once it has finished, select report and post that.


Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

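The O33 lines in the fix above are OTL's rendering of the MountPoints2 registry keys that Windows keeps per removable volume; a `Shell\...\command` value under one of them is what Explorer runs when the volume is double-clicked or auto-played, which is how an infected USB stick re-seeds a machine that has just been cleaned. As an added example, not part of the original post and not OTL's own logic, here is a Python triage that parses such lines and rates each volume's command values: a script host (wscript.exe) launching a .vbs, or any other executable launched from the volume, rates high; the volume-root AutoRun.exe layout that optical media normally use rates medium and should be verified against the actual volume (the follow-up post notes that drive F: here was a mounted ISO); anything else rates low. The sample lines reuse entries shown in the fix; the severity rules, extension lists and helper names are assumptions of the example.

```python
import re
from collections import defaultdict

# One OTL O33 line: O33 - MountPoints2\{<volume guid>}\<subkey> - "" = <value>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\(?P<subkey>\S+) - "" = (?P<value>.*)$'
)

# Constructed sample: entries copied from the fix above (three of the five volumes).
SAMPLE_O33 = r"""
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\AutoRun\command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\Shell\Open\Command - "" = wscript.exe tumauini.vbs
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell - "" = AutoRun
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\AutoRun\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Explore\command - "" = F:\siljo/kramponja.exe
O33 - MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\Shell\Open\command - "" = F:\siljo/kramponja.exe
"""

# Heuristic lists; an assumption of this example, not OTL's logic.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf")
SEVERITY = {"low": 0, "medium": 1, "high": 2}


def parse_o33(text):
    """Return (guid, subkey, value) for every O33 line in an OTL log."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append((m["guid"].lower(), m["subkey"], m["value"].strip()))
    return entries


def classify_command(value):
    """Rate a Shell\\...\\command value: returns (severity, reason)."""
    v = value.lower().replace("/", "\\")
    parts = v.split()
    first = parts[0] if parts else ""
    if first.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        return "high", "script host launches a script from the volume"
    if re.fullmatch(r"[a-z]:\\autorun\.exe", v):
        return "medium", "volume-root AutoRun.exe, the usual optical-media layout; verify the volume"
    if v.endswith(EXEC_EXT):
        return "high", "executable or script launched from the volume"
    return "low", "value does not name an executable"


def triage_mountpoints(text):
    """Map volume GUID -> (worst severity, [(subkey, value, severity, reason), ...])
    over that volume's command entries; volumes with no command entry are omitted."""
    per_volume = defaultdict(list)
    for guid, subkey, value in parse_o33(text):
        if subkey.lower().endswith("\\command"):
            sev, why = classify_command(value)
            per_volume[guid].append((subkey, value, sev, why))
    return {
        guid: (max(findings, key=lambda f: SEVERITY[f[2]])[2], findings)
        for guid, findings in per_volume.items()
    }


def volumes_to_fix(text, at_least="medium"):
    """GUIDs whose worst command rating is at or above `at_least`. These are the
    MountPoints2 keys a fix should remove; the removable volume itself still has
    to be cleaned, or the keys come straight back the next time it is inserted."""
    return sorted(
        guid for guid, (sev, _) in triage_mountpoints(text).items()
        if SEVERITY[sev] >= SEVERITY[at_least]
    )


if __name__ == "__main__":
    for guid, (sev, findings) in triage_mountpoints(SAMPLE_O33).items():
        print(guid, sev)
        for subkey, value, s, why in findings:
            print("   ", subkey, "=", value, "->", s, "(" + why + ")")
    print("fix:", volumes_to_fix(SAMPLE_O33))
```

The medium rating is deliberate: a `F:\AutoRun.exe` command is exactly what a legitimate CD or mounted ISO leaves behind, so it is listed for review rather than silently merged with the wscript.exe entries, which have no benign explanation on a data stick.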

#7
ironvin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Kabayan,
Here's my log after the OTL fix.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07c42fd1-bb31-11df-a046-00e04c391e60}\ not found.
File wscript.exe tumauini.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07c42fd1-bb31-11df-a046-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07c42fd1-bb31-11df-a046-00e04c391e60}\ not found.
File wscript.exe tumauini.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f720-5cd4-11e0-a22c-00e04c391e60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f725-5cd4-11e0-a22c-00e04c391e60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa38f727-5cd4-11e0-a22c-00e04c391e60}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce149703-4578-11e0-a1c3-00e04c391e60}\ not found.
File F:\siljo/kramponja.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce149703-4578-11e0-a1c3-00e04c391e60}\ not found.
File F:\siljo/kramponja.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce149703-4578-11e0-a1c3-00e04c391e60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce149703-4578-11e0-a1c3-00e04c391e60}\ not found.
File F:\siljo/kramponja.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 70 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nelvin
->Temp folder emptied: 173049614 bytes
->Temporary Internet Files folder emptied: 2444107 bytes
->Java cache emptied: 652670 bytes
->FireFox cache emptied: 56228476 bytes
->Google Chrome cache emptied: 268862854 bytes
->Flash cache emptied: 4105825 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48924192 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 429943 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1903 bytes

Total Files Cleaned = 531.00 mb


[EMPTYFLASH]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Nelvin
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.22.3 log created on 04182011_165540

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\_avast_\unp141872503.tmp not found!
File\Folder C:\windows\temp\_avast_\unp78537500.tmp not found!
File\Folder C:\windows\temp\_avast_\unp85151625.tmp not found!
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Attached file is the zip file after the lengthy scan.
PS: I had a virtual drive active with an image/ISO mounted in it when I did the scan. I forgot to disable it before running the scan; the virtual drive is drive F:, just saying.

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Please post the AVP and attach the manual disinfection analysis zip file.

:D

#9
ironvin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Oh crap! It took me 3 hours; I missed the report and I thought I had attached the zip file. Dang. I have to do it again. Sorry.
  • 0

#10
ironvin

ironvin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,
Sorry for missing the steps; don't mind the PS in my previous post.
I'm having problems with the AVP report. After clicking Report, a new window appears; what should I click next?
No Notepad window comes up. I tried clicking the Save button and it prompts me to save a txt file;
here it is. Is this what you're looking for?

Autoscan: completed 11 minutes ago (events: 2, objects: 167582, time: 02:34:20)
4/19/2011 4:25:02 AM Task started
4/19/2011 6:59:25 AM Task completed

That's all that is in the notepad.

Attached Files


  • 0

#11
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Open OTL and choose Run Scan. Post the log on your next reply.

+++++++++++++++++++++
How is the computer running?
  • 0

#12
ironvin

ironvin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
My computer is OK, although my AV still detects the virus randomly from time to time whenever I connect to the internet.

Here's my MBAM Log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6400

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/20/2011 6:33:41 AM
mbam-log-2011-04-20 (06-33-41).txt

Scan type: Quick scan
Objects scanned: 138828
Time elapsed: 13 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\0cdq277o\booznjt[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\4am2c0s4\ixzjupbh[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\9d2vxope\vafvavs[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\rpvck9qm\ecfxvtz[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.

OTL Log here:


OTL logfile created on: 4/20/2011 6:45:41 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nelvin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 2.51 Gb Free Space | 13.44% Space Free | Partition Type: NTFS
Drive D: | 18.65 Gb Total Space | 3.86 Gb Free Space | 20.72% Space Free | Partition Type: NTFS

Computer Name: NELVINPC | User Name: Nelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 08:51:02 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/08 15:10:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL.exe
PRC - [2011/04/05 23:53:47 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 15:10:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelvin\My Documents\Downloads\OTL.exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\54602662.sys -- (54602662)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\5460266.sys -- (setup_9.0.0.722_18.04.2011_10-51drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\54602661.sys -- (54602661)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 07:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 21:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NtApm.sys -- (NtApm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://slirsredirect...&query=facebook
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\TheChatPhone Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.thechatphone.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.4896
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.thecha...tphone.com/?q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 22:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 20:11:41 | 000,000,000 | ---D | M]

[2010/08/11 21:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Extensions
[2011/04/11 09:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions
[2011/01/13 20:14:55 | 000,000,000 | ---D | M] (TheChatPhone Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{16AEBD03-85CA-4E9D-9626-6A9CEAE9AB06}
[2010/09/17 00:10:12 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/09/11 00:25:29 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/11 22:36:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/11 22:36:18 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\extensions\[email protected]
[2010/09/17 00:15:00 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\aol-search.xml
[2011/01/14 07:18:16 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Mozilla\Firefox\Profiles\63ezjnun.default\searchplugins\thechatphone-powered-by-google.xml
[2011/04/11 09:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 22:50:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/24 10:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/24 10:43:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/24 10:43:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/18 16:55:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O2 - BHO: (TBSB02381 Class) - {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (TheChatPhone Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files\TheChatPhone Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Nelvin\Start Menu\Programs\Startup\setup_9.0.0.722_18.04.2011_10-51.lnk = C:\Documents and Settings\Nelvin\Desktop\Virus Removal Tool\setup_9.0.0.722_18.04.2011_10-51\startup.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nelvin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/01/01 00:41:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MGS2SSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 04:20:12 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\5460266.sys
[2011/04/19 04:20:12 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\54602661.sys
[2011/04/19 04:20:12 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\54602662.sys
[2011/04/19 04:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Desktop\Virus Removal Tool
[2011/04/18 16:55:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/18 04:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Frhed
[2011/04/18 04:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Start Menu\Programs\Frhed
[2011/04/17 07:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
[2011/04/11 14:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Unity
[2011/04/11 13:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\Unity
[2011/04/08 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Application Data\Malwarebytes
[2011/04/08 15:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 15:11:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 15:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 15:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/08 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/07 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\Snagit
[2011/04/07 21:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snagit 9
[2011/04/07 21:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/04/07 21:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\TechSmith
[2011/04/05 22:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/04/05 22:50:41 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\mp3fhg.acm
[2011/04/05 22:50:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2011/04/05 22:50:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2011/04/05 22:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/02 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Globe Broadband
[2011/04/02 10:57:02 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/04/02 10:57:02 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/04/02 10:57:02 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2011/04/02 10:57:02 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/04/02 10:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2011/03/29 17:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nelvin\My Documents\NBA LIVE 2005

========== Files - Modified Within 30 Days ==========

[2011/04/20 06:38:00 | 000,186,097 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/04/20 06:37:54 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 06:37:23 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/20 06:37:20 | 536,469,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 06:25:08 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 07:14:32 | 000,017,661 | ---- | M] () -- C:\Documents and Settings\Nelvin\Desktop\avptool_sysinfo.zip
[2011/04/19 04:23:24 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Nelvin\Start Menu\Programs\Startup\setup_9.0.0.722_18.04.2011_10-51.lnk
[2011/04/18 16:55:50 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/04/17 18:55:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 07:33:48 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/17 02:05:52 | 000,054,272 | -H-- | M] () -- C:\Documents and Settings\Nelvin\My Documents\photothumb.db
[2011/04/15 23:31:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/15 03:35:59 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 18:26:54 | 000,000,081 | ---- | M] () -- C:\windows\System32\asr_lkxlkt
[2011/04/13 08:26:07 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/08 16:05:34 | 000,436,831 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:45 | 015,741,952 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:26 | 000,809,515 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:34:23 | 027,430,069 | ---- | M] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/02 10:57:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/03/29 16:00:00 | 000,080,896 | ---- | M] () -- C:\windows\System32\ff_vfw.dll
[2011/03/29 16:00:00 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.ini
[2011/03/29 12:49:58 | 000,000,025 | ---- | M] () -- C:\windows\popcinfot.dat
[2011/03/25 03:35:18 | 000,243,200 | ---- | M] () -- C:\windows\System32\xvidvfw.dll
[2011/03/25 03:28:12 | 000,631,808 | ---- | M] () -- C:\windows\System32\xvidcore.dll

========== Files Created - No Company Name ==========

[2011/04/19 07:17:30 | 000,017,661 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\avptool_sysinfo.zip
[2011/04/19 04:23:24 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Nelvin\Start Menu\Programs\Startup\setup_9.0.0.722_18.04.2011_10-51.lnk
[2011/04/17 21:08:19 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\gmer.exe
[2011/04/17 18:55:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Nelvin\Desktop\Shortcut to ePSXe.lnk
[2011/04/17 07:33:48 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk
[2011/04/13 18:26:54 | 000,000,081 | ---- | C] () -- C:\windows\System32\asr_lkxlkt
[2011/04/08 16:05:44 | 000,436,831 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\2012.gif
[2011/04/08 15:11:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 22:07:05 | 015,741,952 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\tifa vs loz.avi
[2011/04/07 21:55:32 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9 Editor.lnk
[2011/04/07 21:55:32 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Nelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9.lnk
[2011/04/07 21:55:32 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snagit 9.lnk
[2011/04/07 20:55:36 | 000,824,661 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4997.JPG
[2011/04/07 20:55:24 | 000,809,515 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4996.JPG
[2011/04/07 20:55:02 | 000,800,615 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4995.JPG
[2011/04/07 20:54:54 | 000,785,204 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\SAM_4994.JPG
[2011/04/07 14:28:17 | 027,430,069 | ---- | C] () -- C:\Documents and Settings\Nelvin\My Documents\Marine Scout Snipers School - Surviving The Cut - S01E06 par.flv
[2011/04/05 22:51:16 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/04/05 22:50:36 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/05 22:50:35 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/04/05 22:50:27 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/04/02 10:57:48 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Globe Broadband.lnk
[2011/02/19 15:53:19 | 000,210,456 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2011/02/19 15:53:19 | 000,206,360 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2011/02/19 15:53:19 | 000,198,168 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2011/02/19 15:53:19 | 000,194,072 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2011/02/19 15:53:19 | 000,026,136 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2011/02/06 08:56:40 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/17 18:55:30 | 000,000,004 | ---- | C] () -- C:\windows\msoffice.ini
[2010/10/04 22:53:34 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/09/09 22:54:15 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/08/21 19:25:21 | 000,000,025 | ---- | C] () -- C:\windows\popcinfot.dat
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\windows\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 20:00:00 | 000,311,604 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 20:00:00 | 000,039,992 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2001/01/01 08:25:18 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2001/01/01 08:22:17 | 000,322,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2001/01/01 08:06:06 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Nelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2001/01/01 07:52:38 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2001/01/01 00:50:58 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2001/01/01 00:50:16 | 000,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2001/01/01 00:45:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2001/01/01 00:37:09 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
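Added example, not part of this thread and not OTL's own code: a small Python parser for the "Files - Created" lines and the "Alternate Data Streams" entries of an OTL report like the one above, followed by a triage pass that flags hidden- or system-attributed files created after a cutoff date, anything under a watched directory (here the C:\windows\system32\x path the topic starter named), and every ADS entry. The sample input is constructed: four file lines and the ADS line are copied from the report above, while the C:\windows\system32\x\sample.dll line is hypothetical, since the poster gave only the directory. The meaning of the H and S attribute letters is taken from the report's own "-H--" and "--S-" entries; the regular expression otherwise assumes the line layout shown in the report.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample input. The first four file lines and the ADS line are
# copied from the OTL report above; the C:\windows\system32\x\sample.dll line
# is HYPOTHETICAL (the poster named only the directory, not a file name).
SAMPLE_REPORT = r"""
[2011/02/19 15:53:19 | 000,206,360 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2010/10/04 22:53:34 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2001/01/01 00:45:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2011/04/10 03:12:44 | 000,163,840 | -HS- | C] () -- C:\windows\system32\x\sample.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
"""

# Layout assumed from the report: [date time | size | attrs | kind] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class FileEntry:
    created: datetime
    size: int
    attr: str      # OTL flag field; 'H' = hidden, 'S' = system (checked by letter, not position)
    kind: str      # 'C' = created, as labelled in the report's section
    company: str   # contents of the parentheses, empty for most non-Microsoft files
    path: str


@dataclass
class StreamEntry:
    size: int
    path: str      # "file:streamname"


def parse_otl(text: str) -> Tuple[List[FileEntry], List[StreamEntry]]:
    """Pick file-created lines and ADS lines out of an OTL report; other lines are ignored."""
    files, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(
                created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attr=m["attr"].upper(),
                kind=m["kind"],
                company=m["company"],
                path=m["path"],
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(StreamEntry(size=int(m["size"]), path=m["path"]))
    return files, streams


def triage_report(text: str, watched_dirs: List[str], since: str) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a second look. These are triage leads,
    not verdicts: bootstat.dat, for instance, is a legitimate system file and is
    passed over here only because it predates the cutoff."""
    files, streams = parse_otl(text)
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    watched = [d.lower().rstrip("\\") + "\\" for d in watched_dirs]
    findings = []
    for f in files:
        low = f.path.lower()
        if any(low.startswith(w) for w in watched):
            findings.append(("under watched directory", f.path))
        if f.created >= cutoff and ("H" in f.attr or "S" in f.attr):
            findings.append(("hidden/system file created since " + since, f.path))
    for s in streams:
        # OTL lists ADS at all because ordinary software rarely creates them.
        findings.append(("alternate data stream", s.path))
    return findings


if __name__ == "__main__":
    # On a real machine, read the saved OTL.Txt instead of SAMPLE_REPORT.
    for reason, path in triage_report(SAMPLE_REPORT, [r"C:\windows\system32\x"], "2011-01-01"):
        print("%-45s %s" % (reason, path))
```

The output is a list of leads to check by hand (publisher, hash, what loads the file), not a malware verdict; a hidden file under System32 is only interesting in combination with where it came from and when it appeared.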

#13
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

My computer is OK, although my AV still detects the virus randomly from time to time whenever I connect to the internet.


Did you catch the name and location of the virus your AV is detecting?


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#14
ironvin

    Member

  • Topic Starter
  • Member
  • 15 posts
Hello! Good morning!
Like I mentioned in my first post:

My Avast AV keeps detecting these viruses...
Win32:Confi[Wrm] & Win32:Rootkit-gen[Rtk]

Its location and file name is under C:\windows\system32\x
for both viruses. Its process is svchost.exe.


I'm now trying to do an online scan.
Can I download this instead? Looks like this will take me forever.

#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

I'm now trying to do an online scan.
Can I download this instead? Looks like this will take me forever.


:D

OK, skip the ESET scan and follow the instructions below:

We will use ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
