PDA

View Full Version : malware problems


trawa
2011-08-21, 20:01
So here's the 411. Running a comp with a dual boot setup. One system is XP the other Win 7. Having problems with XP, system is slow and doesn't seem to wanna shut down unless i manually push the button. Also google redirects me to random sites. Also, Win 7 seems to be infected as well, worse than XP. Whenever I click on/try to run a program I get a message from my task bar that says it can't run (for whatever reason)... Primarily I use XP. Prior to this post I've run Spybot, Malware bytes, CCleaner, HJT, and combo fix... I apologize about running HJT and Combofix (didn't know prior to reading the rules)... Since reading the sticky I've followed instructions... Attached is a DDS and Spybot log... Hope you guys can help... THANKS... ROB....

DDS LOG

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Run by weaz at 12:09:57 on 2011-08-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1702 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com (http://www.plimus.com,regnow.com,www.regnow.com),
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BA0784AC-0BA7-4113-B0FA-005C09487C63} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\weaz\application data\mozilla\firefox\profiles\hp43wxme.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: http://forums.spybot.info/misc.php?do=email_dev&email=cGVyc29uYXNAY2hyaXN0b3BoZXIuYmVhcmQ= - %profile%\extensions\personas@christopher.beard
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-9-17 468224]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-11 366640]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320]
R3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [2009-9-12 154248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-11 41272]
S3 rig3avs;rig3avs;c:\windows\system32\drivers\rig3avs.sys [2010-2-13 35216]
S3 rig3usb;rig3usb;c:\windows\system32\drivers\rig3usb.sys [2010-2-13 210064]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-9-12 80392]
.
=============== Created Last 30 ================
.
2011-08-21 03:28:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-21 01:30:12 -------- d-----w- c:\program files\CCleaner
2011-08-20 23:40:09 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2011-08-20 23:40:09 39936 ----a-w- c:\windows\system32\huffyuv.dll
2011-08-20 23:40:09 3164160 ----a-w- c:\windows\system32\x264vfw.dll
2011-08-20 23:40:09 287744 ----a-w- c:\windows\system32\divxa32.acm
2011-08-20 23:40:09 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-08-20 23:40:09 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-08-20 23:40:09 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-08-20 23:40:09 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-08-20 23:40:08 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-20 23:40:08 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-08-20 23:40:08 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-08-20 22:39:09 208896 ----a-w- c:\windows\MBR.exe
2011-08-20 22:17:05 54016 ----a-w- c:\windows\system32\drivers\wxeclw.sys
2011-08-12 00:02:04 54016 ----a-w- c:\windows\system32\drivers\cymxadkq.sys
2011-08-11 23:58:54 -------- d-----w- c:\documents and settings\weaz\application data\Malwarebytes
2011-08-11 23:58:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-11 23:58:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-11 23:58:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 23:58:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 23:07:45 -------- dc-h--w- c:\documents and settings\all users\application data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
2011-08-05 23:07:44 -------- d-----w- c:\program files\Savevid
2011-07-30 07:15:53 -------- d-----w- c:\documents and settings\weaz\application data\MOVAVI
.
==================== Find3M ====================
.
2011-08-20 23:12:13 16608 ----a-w- c:\windows\gdrv.sys
2011-08-02 04:26:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2008-03-09 13:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3750330AS rev.SD81 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B3794D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b37f7d0]; MOV EAX, [0x8b37f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8B3B0AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\00000074[0x8B3EBBE0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> [0x8B3B4D98]
\Driver\atapi[0x8B3F5718] -> IRP_MJ_CREATE -> 0x8B3794D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE , 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B37931B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:10:23.06 ===============

Can I post the SB LOG as an Attachment otherwise It'll take up at least 3 posts (too many characters)... FYI, SB did not find any threats...
--------------------------------------------
Edit

If Spybot-S&D has detected items it cannot remove and you have the latest version and detections, please produce [B]the top of the log showing only the items flagged. Please do not attempt to post the entire Spybot-S&D log as it won't fit in to the one post and is not needed unless requested.http://forums.spybot.info/showpost.php?p=1150&postcount=2

There is nothing to show as Spybot did not find any problems.. The Spybot database is up to date.

-----------------------------------------
Note
Last edited by tashi; Today at 12:11 PM. Reason: Merged two posts, helpers look for a zero response. :-) Added info
ken545
2011-08-24, 02:46
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Your infected with a rootkit :red:

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)




Then run DDS again and post a new log
trawa
2011-08-24, 09:36
Ran TDSSKiller before and chose to cure the problem... I apologize...Really needed to use the computer to get school work done and was getting frustrated cause of all the redirects on the net... Again I appologize, hope you can still check whether my system is totally clean.. :) Just ran it again and here's what I got...

2011/08/24 02:33:41.0578 3892 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 02:33:41.0812 3892 ================================================================================
2011/08/24 02:33:41.0812 3892 SystemInfo:
2011/08/24 02:33:41.0812 3892
2011/08/24 02:33:41.0812 3892 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/24 02:33:41.0812 3892 Product type: Workstation
2011/08/24 02:33:41.0812 3892 ComputerName: WEEZ-DBCAD9B369
2011/08/24 02:33:41.0812 3892 UserName: weaz
2011/08/24 02:33:41.0812 3892 Windows directory: C:\WINDOWS
2011/08/24 02:33:41.0812 3892 System windows directory: C:\WINDOWS
2011/08/24 02:33:41.0812 3892 Processor architecture: Intel x86
2011/08/24 02:33:41.0812 3892 Number of processors: 2
2011/08/24 02:33:41.0812 3892 Page size: 0x1000
2011/08/24 02:33:41.0812 3892 Boot type: Normal boot
2011/08/24 02:33:41.0812 3892 ================================================================================
2011/08/24 02:33:43.0046 3892 Initialize success
2011/08/24 02:33:44.0125 3196 ================================================================================
2011/08/24 02:33:44.0125 3196 Scan started
2011/08/24 02:33:44.0125 3196 Mode: Manual;
2011/08/24 02:33:44.0125 3196 ================================================================================
2011/08/24 02:33:45.0046 3196 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/08/24 02:33:45.0140 3196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 02:33:45.0171 3196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/24 02:33:45.0218 3196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 02:33:45.0250 3196 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 02:33:45.0390 3196 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/24 02:33:45.0500 3196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 02:33:45.0531 3196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 02:33:45.0656 3196 ati2mtag (323b30faae1f544a549ebbbd837ed625) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/24 02:33:45.0718 3196 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/08/24 02:33:45.0765 3196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 02:33:45.0812 3196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 02:33:45.0828 3196 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/08/24 02:33:45.0859 3196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 02:33:45.0906 3196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 02:33:45.0921 3196 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/24 02:33:45.0984 3196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 02:33:46.0000 3196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 02:33:46.0046 3196 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 02:33:46.0156 3196 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/08/24 02:33:46.0234 3196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 02:33:46.0296 3196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 02:33:46.0312 3196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 02:33:46.0343 3196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 02:33:46.0359 3196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 02:33:46.0421 3196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 02:33:46.0468 3196 eamon (68556a9d5339046a85815c3826caf412) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/08/24 02:33:46.0484 3196 easdrv (fd90ea14a6dad9a3e380dc2b84956c0f) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2011/08/24 02:33:46.0500 3196 epfwtdir (561882616eb2cf58a4ed9e58d0f02ee3) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/08/24 02:33:46.0546 3196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 02:33:46.0578 3196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 02:33:46.0609 3196 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/08/24 02:33:46.0640 3196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 02:33:46.0671 3196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 02:33:46.0703 3196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/24 02:33:46.0734 3196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 02:33:46.0765 3196 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/08/24 02:33:46.0781 3196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 02:33:46.0796 3196 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/08/24 02:33:46.0812 3196 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
2011/08/24 02:33:46.0828 3196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 02:33:46.0859 3196 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys
2011/08/24 02:33:46.0875 3196 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2011/08/24 02:33:46.0890 3196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/24 02:33:46.0921 3196 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 02:33:46.0953 3196 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 02:33:46.0984 3196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 02:33:46.0984 3196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 02:33:47.0093 3196 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/24 02:33:47.0125 3196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/24 02:33:47.0156 3196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/24 02:33:47.0171 3196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 02:33:47.0171 3196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 02:33:47.0187 3196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 02:33:47.0203 3196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 02:33:47.0234 3196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 02:33:47.0234 3196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 02:33:47.0250 3196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 02:33:47.0265 3196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 02:33:47.0281 3196 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 02:33:47.0312 3196 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/08/24 02:33:47.0359 3196 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/08/24 02:33:47.0375 3196 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/08/24 02:33:47.0437 3196 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/08/24 02:33:47.0484 3196 MAUSBMP (793928d36645c82c118c2c56d986a298) C:\WINDOWS\system32\DRIVERS\mausbmp.sys
2011/08/24 02:33:47.0515 3196 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/24 02:33:47.0531 3196 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 02:33:47.0562 3196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 02:33:47.0578 3196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 02:33:47.0593 3196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 02:33:47.0609 3196 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 02:33:47.0609 3196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 02:33:47.0625 3196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 02:33:47.0656 3196 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 02:33:47.0671 3196 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/08/24 02:33:47.0687 3196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 02:33:47.0718 3196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 02:33:47.0734 3196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 02:33:47.0781 3196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 02:33:47.0875 3196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 02:33:47.0937 3196 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/24 02:33:47.0984 3196 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 02:33:47.0984 3196 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/24 02:33:48.0000 3196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 02:33:48.0015 3196 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/24 02:33:48.0031 3196 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 02:33:48.0046 3196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 02:33:48.0062 3196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 02:33:48.0078 3196 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 02:33:48.0078 3196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 02:33:48.0093 3196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 02:33:48.0109 3196 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/24 02:33:48.0125 3196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 02:33:48.0156 3196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 02:33:48.0171 3196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 02:33:48.0187 3196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 02:33:48.0187 3196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 02:33:48.0203 3196 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/24 02:33:48.0234 3196 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/08/24 02:33:48.0265 3196 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys
2011/08/24 02:33:48.0281 3196 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 02:33:48.0281 3196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 02:33:48.0296 3196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 02:33:48.0312 3196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 02:33:48.0343 3196 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 02:33:48.0359 3196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/24 02:33:48.0421 3196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 02:33:48.0437 3196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 02:33:48.0453 3196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 02:33:48.0500 3196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 02:33:48.0500 3196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 02:33:48.0515 3196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 02:33:48.0531 3196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 02:33:48.0546 3196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 02:33:48.0546 3196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 02:33:48.0562 3196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 02:33:48.0593 3196 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 02:33:48.0625 3196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 02:33:48.0656 3196 rig3avs (32c544f401313ce484149b117cbcb5c7) C:\WINDOWS\system32\Drivers\rig3avs.sys
2011/08/24 02:33:48.0671 3196 rig3usb (2179cbc859bf70d74140136fd2c33177) C:\WINDOWS\system32\Drivers\rig3usb.sys
2011/08/24 02:33:48.0687 3196 RTLE8023xp (eeb84629064abcb6198864d25bf15b1a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/24 02:33:48.0734 3196 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/24 02:33:48.0750 3196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 02:33:48.0765 3196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 02:33:48.0765 3196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 02:33:48.0781 3196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 02:33:48.0812 3196 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/24 02:33:48.0843 3196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 02:33:48.0859 3196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 02:33:48.0875 3196 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 02:33:48.0890 3196 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/24 02:33:48.0906 3196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 02:33:48.0906 3196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 02:33:48.0953 3196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 02:33:48.0984 3196 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 02:33:49.0000 3196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 02:33:49.0015 3196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 02:33:49.0031 3196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 02:33:49.0062 3196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 02:33:49.0093 3196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 02:33:49.0109 3196 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/24 02:33:49.0140 3196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/24 02:33:49.0156 3196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/24 02:33:49.0171 3196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 02:33:49.0187 3196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 02:33:49.0218 3196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/24 02:33:49.0234 3196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 02:33:49.0250 3196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 02:33:49.0281 3196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 02:33:49.0296 3196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 02:33:49.0343 3196 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/24 02:33:49.0359 3196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/24 02:33:49.0375 3196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/24 02:33:49.0406 3196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/24 02:33:49.0437 3196 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR6
2011/08/24 02:33:49.0484 3196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR10
2011/08/24 02:33:49.0484 3196 Boot (0x1200) (436ae0b1bbbc61beae8e3ca7f158f621) \Device\Harddisk0\DR0\Partition0
2011/08/24 02:33:49.0500 3196 Boot (0x1200) (e15abf674d32e7d8c9f351ae62d9b189) \Device\Harddisk0\DR0\Partition1
2011/08/24 02:33:49.0515 3196 Boot (0x1200) (9eacdcafe5d097adad057b2201d62de0) \Device\Harddisk0\DR0\Partition2
2011/08/24 02:33:49.0531 3196 Boot (0x1200) (e9e8cd9091312381bb703e8e12cc4757) \Device\Harddisk0\DR0\Partition3
2011/08/24 02:33:49.0546 3196 Boot (0x1200) (30097ff8e175ec38b8b6f8049b479150) \Device\Harddisk0\DR0\Partition4
2011/08/24 02:33:49.0546 3196 Boot (0x1200) (c539190ddf68b01270c533cbcadf565f) \Device\Harddisk1\DR6\Partition0
2011/08/24 02:33:49.0562 3196 Boot (0x1200) (7d2bebcfd5336debb81ba787eeae958d) \Device\Harddisk5\DR10\Partition0
2011/08/24 02:33:49.0562 3196 ================================================================================
2011/08/24 02:33:49.0562 3196 Scan finished
2011/08/24 02:33:49.0562 3196 ================================================================================
2011/08/24 02:33:49.0562 2668 Detected object count: 0
2011/08/24 02:33:49.0562 2668 Actual detected object count: 0
2011/08/24 02:33:53.0921 0240 Deinitialize success
trawa
2011-08-24, 09:36
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Run by weaz at 2:35:05 on 2011-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2696 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BA0784AC-0BA7-4113-B0FA-005C09487C63} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\weaz\application data\mozilla\firefox\profiles\hp43wxme.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-9-17 468224]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320]
R3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [2009-9-12 154248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-11 41272]
S3 rig3avs;rig3avs;c:\windows\system32\drivers\rig3avs.sys [2010-2-13 35216]
S3 rig3usb;rig3usb;c:\windows\system32\drivers\rig3usb.sys [2010-2-13 210064]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-9-12 80392]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-11 366640]
.
=============== Created Last 30 ================
.
2011-08-23 06:27:40 65536 ----a-w- c:\windows\TADSUINS.EXE
2011-08-21 03:28:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-21 01:30:12 -------- d-----w- c:\program files\CCleaner
2011-08-20 23:40:09 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2011-08-20 23:40:09 39936 ----a-w- c:\windows\system32\huffyuv.dll
2011-08-20 23:40:09 3164160 ----a-w- c:\windows\system32\x264vfw.dll
2011-08-20 23:40:09 287744 ----a-w- c:\windows\system32\divxa32.acm
2011-08-20 23:40:09 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-08-20 23:40:09 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-08-20 23:40:09 216064 ----a-w- c:\windows\system32\lagarith.dll
2011-08-20 23:40:09 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-08-20 23:40:08 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-20 23:40:08 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-08-20 23:40:08 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-08-20 22:39:09 208896 ----a-w- c:\windows\MBR.exe
2011-08-20 22:17:05 54016 ----a-w- c:\windows\system32\drivers\wxeclw.sys
2011-08-12 00:02:04 54016 ----a-w- c:\windows\system32\drivers\cymxadkq.sys
2011-08-11 23:58:54 -------- d-----w- c:\documents and settings\weaz\application data\Malwarebytes
2011-08-11 23:58:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-11 23:58:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-11 23:58:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 23:58:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 23:07:45 -------- dc-h--w- c:\documents and settings\all users\application data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
2011-08-05 23:07:44 -------- d-----w- c:\program files\Savevid
2011-07-30 07:15:53 -------- d-----w- c:\documents and settings\weaz\application data\MOVAVI
.
==================== Find3M ====================
.
2011-08-20 23:12:13 16608 ----a-w- c:\windows\gdrv.sys
2011-08-02 04:26:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2008-03-09 13:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 2:35:11.01 ===============
ken545
2011-08-24, 10:20
Good Morning,

Yep, this garbage is frustrating but it looks like you removed the rootkit, but lets check further

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png





You have Malwarebytes installed, open it, check for updates and run the Quick scan and post the log
trawa
2011-08-24, 11:23
Good Morning, Thanks for not chewing me out about me getting ahead of myself... Appreciate your help... Here are the logs.

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 04:11:49
-----------------------------
04:11:49.156 OS Version: Windows 5.1.2600 Service Pack 3
04:11:49.156 Number of processors: 2 586 0x170A
04:11:49.156 ComputerName: WEEZ-DBCAD9B369 UserName: weaz
04:11:49.687 Initialize success
04:12:13.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
04:12:13.984 Disk 0 Vendor: ST3750330AS SD81 Size: 715403MB BusType: 3
04:12:16.000 Disk 0 MBR read successfully
04:12:16.000 Disk 0 MBR scan
04:12:16.000 Disk 0 Windows 7 default MBR code
04:12:16.015 Disk 0 scanning sectors +1465144065
04:12:16.062 Disk 0 scanning C:\WINDOWS\system32\drivers
04:12:22.562 Service scanning
04:12:23.562 Modules scanning
04:12:27.218 Disk 0 trace - called modules:
04:12:27.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:12:27.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3b2ab8]
04:12:27.234 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8b3ecc80]
04:12:27.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8b3b7d98]
04:12:27.265 Scan finished successfully
04:12:33.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\weaz\Desktop\MBR.dat"
04:12:33.625 The log file has been saved successfully to "C:\Documents and Settings\weaz\Desktop\aswMBR.txt"

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7551

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/24/2011 4:18:26 AM
mbam-log-2011-08-24 (04-18-26).txt

Scan type: Quick scan
Objects scanned: 181698
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ken545
2011-08-24, 12:55
Looking good so far, have the redirects stopped ???

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
trawa
2011-08-25, 05:03
Ran the ESET Scanner and this is what I got...

C:\Documents and Settings\weaz\Application Data\Sun\Java\Deployment\cache\6.0\0\40a94d00-6a849415 a variant of Win32/Kryptik.RXD trojan
C:\Documents and Settings\weaz\Application Data\Sun\Java\Deployment\cache\6.0\62\42232f3e-2800115b a variant of Win32/Kryptik.SBH trojan
C:\System Volume Information\_restore{0351423E-9127-4C73-920D-3BAE5A565A6B}\RP449\A0055580.dll a variant of Win32/Routmo.N trojan
F:\Games\Operation Flashpoint 2 Dragon Rising MULTI PCDVD\Operation Flashpoint Dragon Rising NO-CD Reloaded.rar probably a variant of Win32/Injector.ACP trojan
ken545
2011-08-25, 10:02
Good Morning,

Have the redirects stopped ?

Some of what ESET found where in your Java Cache, lets do this

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 26, if not proceed with the instructions.

Download the latest version Here (http://www.oracle.com/technetwork/java/javase/downloads/jre-6u26-download-400751.html) save it, do not install it yet.

Java SE Runtime Environment (JRE)JRE 6 Update 26 <--The wording is confusing but this is what you need, you need the update for Windows x86 off line


Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)


Then clear the cache once more to be safe
1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.




You also had some bad stuff in your Windows System Restore, it cant hurt you unless you restore your computer to a earlier date, we will flush that out when were done

Not sure whats going on here, I would uninstall this game and then reinstall it clean
F:\Games\Operation Flashpoint 2 Dragon Rising MULTI PCDVD\Operation Flashpoint Dragon Rising NO-CD Reloaded.rar


Let me know how it went
trawa
2011-08-25, 19:22
Morning, Sorry, yes, the redirects seem to have stopped... Okay... So I follwed the steps you asked me to follow and when I went to verify the installation, it seems theres yet another version... Version 6 update 27... Should I download it? (file name is JXPIINSTALL.EXE). Also, under Java in the control panel I don't see a Cache tab, so I'm not sure about how to clear it.
ken545
2011-08-25, 19:47
Yes, these updates come out faster than I can post them :lip:
trawa
2011-08-26, 01:20
So here's the skinny... Latest Java installed and verified... I don't have a Cache tab, so I selected the General tab, temp Internet files/ settings button... and clicked delete files... Also went through the list of files that were found with the Eset online scanner and checked those directories to see if the files still existed.... Seems they are all gone for now... So what would you like me to do next?
ken545
2011-08-26, 03:26
Lets do this, let me take a final look


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
trawa
2011-08-26, 18:59
THANKS... Here are the log's...

OTL logfile created on: 8/26/2011 11:53:27 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\weaz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 84.37% Memory free
5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.60 Gb Total Space | 19.66 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 34.05 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive E: | 195.32 Gb Total Space | 104.84 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
Drive F: | 201.17 Gb Total Space | 16.14 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive G: | 212.72 Gb Total Space | 154.71 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive O: | 485.34 Mb Total Space | 485.34 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: WEEZ-DBCAD9B369 | User Name: weaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\weaz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd7e99ceeb047243863f6ad5c803bf59\System.Runtime.Remoting.ni.dll ()
MOD - C:\weaz\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3632.28368__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3632.28243__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3632.28307__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3632.28345__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3632.28218__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3632.28326__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3632.28245__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3632.28319__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3632.28229__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3632.28346__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3632.28290__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3632.28277__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3632.28238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3632.28229__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3632.28360__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3632.28299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3632.28359__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3632.28280__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3632.28312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3632.28246__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3632.28321__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3632.28247__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3632.28232__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3632.28273__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3632.28287__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3632.28286__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3632.28252__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3632.28288__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3632.28293__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3632.28278__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3621.42212__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3621.42210__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3621.42227__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3621.42278__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3621.42225__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3621.42190__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3621.42192__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3621.42329__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3621.42223__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3621.42228__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3621.42202__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3621.42196__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3621.42274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3621.42246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3621.42267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3621.42213__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3621.42244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3621.42209__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3621.42268__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3621.42240__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3621.42221__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3632.28381__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3621.42247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3621.42243__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3632.28353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3621.42214__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3621.42224__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3621.42229__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3621.42225__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3621.42213__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3632.28212__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3632.28331__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3632.28237__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3632.28338__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3632.28336__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3632.28215__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3632.28217__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3621.42219__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3621.42205__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3621.42192__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3621.42200__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3621.42221__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3632.28224__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3632.28215__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3632.28213__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3621.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3632.28338__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\355411a730577e41a36241ccc0c10d99\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6495df73abc4b54c8677c79c251d16a1\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\de8b438f97f82f4285cf205cf0e35242\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\76749e9a21552747a53aa4dfc3c1da9d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f04b06c158f9d3458e111cd3cac10701\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\84d9727cfb9f494a99e3b7b6f94d75c0\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\58d499e4e715364da83739e2f443a49a\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\29cb1537dfa6574584a4cae061853dc7\mscorlib.ni.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\system32\P17.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (astcc) -- C:\WINDOWS\system32\astsrv.exe (Nalpeiron Ltd.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MAUSBMP) Service for M-Audio Mobile Pre (WDM) -- C:\WINDOWS\system32\drivers\mausbmp.sys (Avid Technology, Inc.)
DRV - (rig3avs) -- C:\WINDOWS\system32\drivers\rig3avs.sys (Native Instruments GmbH)
DRV - (rig3usb) -- C:\WINDOWS\system32\drivers\rig3usb.sys (Native Instruments GmbH)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 18:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 11:43:58 | 000,000,000 | ---D | M]

[2011/08/21 21:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Extensions
[2011/08/26 11:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Firefox\Profiles\hp43wxme.default\extensions
[2010/02/06 04:37:59 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Firefox\Profiles\hp43wxme.default\extensions\personas@christopher.beard
[2011/08/25 18:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/25 18:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/25 18:08:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1482476501-854245398-839522115-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/07 00:22:41 | 000,006,478 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
O32 - AutoRun File - [2009/09/12 06:04:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 11:47:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\weaz\Desktop\OTL.exe
[2011/08/25 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/25 18:07:12 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jxpiinstall.exe
[2011/08/25 18:06:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/25 18:06:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/25 18:06:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/25 18:06:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/25 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/25 12:05:18 | 016,619,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jre-6u26-windows-i586.exe
[2011/08/25 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/08/25 00:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53.incl.serial-iOTA
[2011/08/24 17:36:42 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\weaz\Desktop\esetsmartinstaller_enu.exe
[2011/08/24 04:11:10 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\weaz\Desktop\aswMBR.exe
[2011/08/24 02:13:51 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\weaz\Desktop\TDSSKiller.exe
[2011/08/23 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\enigne toolz
[2011/08/23 01:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\My Documents\TADS
[2011/08/22 01:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\yugioh cards
[2011/08/21 22:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\dragway
[2011/08/21 22:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\summit parts order
[2011/08/21 12:06:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\weaz\Desktop\dds.scr
[2011/08/21 12:05:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\weaz\Desktop\erunt-setup.exe
[2011/08/20 22:28:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/20 20:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\weaz\Recent
[2011/08/20 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/20 18:40:09 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2011/08/20 18:40:09 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2011/08/20 18:40:09 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/08/20 18:40:09 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2011/08/20 18:40:09 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/08/20 18:40:09 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/08/20 18:40:09 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2011/08/20 18:13:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/20 17:38:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\weaz\Start Menu\Programs\Administrative Tools
[2011/08/20 17:37:38 | 004,179,402 | R--- | C] (Swearware) -- C:\Documents and Settings\weaz\Desktop\ComboFix.exe
[2011/08/20 17:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\backups
[2011/08/20 17:32:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\weaz\Desktop\HijackThis.exe
[2011/08/20 16:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/08/20 16:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/20 16:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/20 16:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/20 15:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/20 15:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/20 14:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/20 14:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/17 21:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\383 shitz
[2011/08/16 17:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\91 maro
[2011/08/16 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Camera Card
[2011/08/15 19:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Carz showz PA
[2011/08/11 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Application Data\Malwarebytes
[2011/08/11 18:58:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/11 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/11 18:58:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/11 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/11 17:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LoveChess Age Of Egypt
[2011/08/11 17:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\LoveChess Age Of Egypt
[2011/08/10 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\blue 92 parachute parts n pics
[2011/08/08 15:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\kris crazy movies
[2011/08/05 18:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\popodupa
[2011/08/05 18:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\poopoopoop
[2011/08/05 18:07:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2011/08/05 18:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Savevid
[2011/07/30 22:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\car showz palatine
[2011/07/30 02:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Application Data\MOVAVI
[2011/07/30 02:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Movavi Video Editor 6
[2011/07/30 02:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Movavi Video Editor 6
[2002/04/11 01:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/26 11:47:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\weaz\Desktop\OTL.exe
[2011/08/26 11:44:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/26 11:43:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/08/25 18:07:30 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jxpiinstall.exe
[2011/08/25 12:05:24 | 016,619,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jre-6u26-windows-i586.exe
[2011/08/25 00:32:13 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 00:16:47 | 002,395,439 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53 FULL.rar
[2011/08/25 00:04:40 | 000,235,090 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Insidious_2011_720p_RC_BDRip_XviD_AC3_FLAWL3SS.torrent
[2011/08/24 17:36:46 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\weaz\Desktop\esetsmartinstaller_enu.exe
[2011/08/24 04:12:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\MBR.dat
[2011/08/24 04:11:27 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\weaz\Desktop\aswMBR.exe
[2011/08/23 01:26:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\TADSUINS.EXE
[2011/08/22 21:49:35 | 000,142,231 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\[PC GAME - Multi10] Video Strip Poker Classic 2007 [TNTvillage] [h33t].torrent
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\weaz\Desktop\TDSSKiller.exe
[2011/08/21 21:19:14 | 000,000,425 | RHS- | M] () -- C:\boot.ini
[2011/08/21 12:59:05 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\attach.zip
[2011/08/21 12:06:15 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\weaz\Desktop\dds.scr
[2011/08/21 12:06:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\weaz\Desktop\erunt-setup.exe
[2011/08/21 11:35:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/20 20:28:39 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\tdsskiller.zip
[2011/08/20 18:12:13 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011/08/20 17:38:06 | 004,179,402 | R--- | M] (Swearware) -- C:\Documents and Settings\weaz\Desktop\ComboFix.exe
[2011/08/20 17:32:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\weaz\Desktop\HijackThis.exe
[2011/08/20 17:17:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wxeclw.sys
[2011/08/20 04:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 23:03:32 | 000,448,341 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\rad camaro.JPG
[2011/08/16 18:14:17 | 001,102,424 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\91 maro.rar
[2011/08/11 19:02:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cymxadkq.sys
[2011/08/08 03:00:00 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/08 03:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2011/08/01 00:28:38 | 005,655,598 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Queen - Bohemian Rhapsody.mp3
[2011/07/30 02:15:42 | 000,005,117 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
[2011/07/29 23:18:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 00:16:43 | 002,395,439 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53 FULL.rar
[2011/08/25 00:04:39 | 000,235,090 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Insidious_2011_720p_RC_BDRip_XviD_AC3_FLAWL3SS.torrent
[2011/08/24 04:12:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\MBR.dat
[2011/08/23 01:27:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/08/22 21:49:35 | 000,142,231 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\[PC GAME - Multi10] Video Strip Poker Classic 2007 [TNTvillage] [h33t].torrent
[2011/08/21 12:59:05 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\attach.zip
[2011/08/20 20:28:30 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\tdsskiller.zip
[2011/08/20 18:40:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/08/20 18:40:09 | 003,164,160 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011/08/20 18:40:09 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/08/20 18:40:08 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/20 18:40:08 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/20 18:40:08 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/20 17:39:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/20 17:17:05 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wxeclw.sys
[2011/08/16 18:14:00 | 001,102,424 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\91 maro.rar
[2011/08/15 20:02:01 | 000,448,341 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\rad camaro.JPG
[2011/08/11 19:02:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cymxadkq.sys
[2011/08/01 00:28:28 | 005,655,598 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Queen - Bohemian Rhapsody.mp3
[2011/07/30 02:15:42 | 000,005,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
[2010/11/14 20:48:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/25 15:19:48 | 002,349,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/23 20:54:12 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/06/09 21:34:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\fusioncache.dat
[2010/05/05 13:59:15 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2010/05/05 13:59:15 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/04/17 19:08:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2010/04/17 19:08:03 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/01/18 23:51:50 | 000,347,472 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\MB.SAV
[2009/12/29 21:22:37 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/19 21:19:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009/12/16 18:45:34 | 000,270,848 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/12/12 17:18:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/12/12 17:18:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2009/11/14 14:17:12 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/14 14:17:04 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/14 14:16:39 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/07 01:16:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/04 22:38:02 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2009/11/04 22:38:02 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2009/11/04 22:38:02 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2009/10/08 15:36:09 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 22:49:52 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/09/26 22:49:52 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\846596EC1C.sys
[2009/09/26 21:25:14 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/19 03:27:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/19 03:27:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/19 03:27:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/19 03:27:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/12 07:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/09/12 07:04:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/12 07:04:07 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2009/09/12 07:04:06 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2009/09/12 07:04:06 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/09/12 07:04:06 | 000,005,298 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2009/09/12 07:03:03 | 000,006,010 | ---- | C] () -- C:\WINDOWS\System32\ma004103.bin
[2009/09/12 06:42:26 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/12 06:33:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/12 06:22:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/09/12 06:07:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/12 06:01:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/12 00:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/12 00:49:35 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/13 20:42:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/08/13 20:42:20 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/14 10:09:12 | 000,197,982 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/08/18 13:27:42 | 000,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005/05/03 11:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/10/02 10:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,439,154 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,071,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/09/12 06:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/02/13 14:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/08/12 19:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/30 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2010/02/13 14:04:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/03/28 17:32:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2009/09/14 00:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2011/08/05 18:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2010/02/13 14:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/09/14 00:55:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
[2009/10/27 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\2K Sports
[2010/08/15 00:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Audacity
[2009/11/20 13:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\BoneTown
[2011/08/20 19:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\foobar2000
[2009/12/29 21:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Leadertech
[2011/07/30 02:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\MOVAVI
[2009/09/26 05:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\NetMedia Providers
[2009/12/12 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Progression
[2010/08/11 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Publish Providers
[2009/10/14 21:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Roni Music
[2011/04/01 23:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Rovio
[2010/02/01 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Sony
[2011/08/25 02:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\uTorrent

========== Purity Check ==========



< End of report >
trawa
2011-08-26, 19:00
OTL Extras logfile created on: 8/26/2011 11:53:27 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\weaz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 84.37% Memory free
5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.60 Gb Total Space | 19.66 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 34.05 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive E: | 195.32 Gb Total Space | 104.84 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
Drive F: | 201.17 Gb Total Space | 16.14 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive G: | 212.72 Gb Total Space | 154.71 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive O: | 485.34 Mb Total Space | 485.34 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: WEEZ-DBCAD9B369 | User Name: weaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\weaz\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "G:\Corel PSP Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [compress] -- C:\Documents and Settings\weaz\Desktop\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\OF Dragon Rising\OFDR.exe" = G:\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)
"G:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe" = G:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"G:\gta IV\Grand Theft Auto IV\LaunchGTAIV.exe" = G:\gta IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"G:\gta IV\Grand Theft Auto IV\GTAIV.exe" = G:\gta IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1508CFA3-1A63-43A0-9C79-E521E8F337FD}" = Cam Analyzer v3.8
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A3D8A23-3215-46B7-AB97-E304ADABFC18}" = ESET NOD32 Antivirus
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2623D63C-B2C5-4D5A-9C62-830D2C4682D7}" = Dyno-Scan for Windows 8.0.0
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 27
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FAAECD0-1929-11DA-6784-006853A418BE}" = LoveChess Age Of Egypt
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3F1420A7-FF17-40F0-B4FE-3481B8D10081}" = MaxiLink
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5201A854-5EC2-4B23-BB01-941ADDCF1DDE}" = CSR Hall
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58BEE9AE-625D-4177-BC5E-E6E0794C092E}" = MaxiLink
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91ADB100-2654-4F20-A319-3088D356DEED}" = MobilePre
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B90AC632-A6FF-4755-80BA-D48CD7809E08}" = ScanTool
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE1F501D-27BA-4C44-A552-52B02250EC58}" = Engine Analyzer v3.4
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"7-Zip" = 7-Zip 4.65
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"AB2094562DCCF887D275D26D0C18F6D23EBE5E07" = Windows Driver Package - STMicroelectronics (STTub203) USB
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"ATI Display Driver" = ATI Display Driver
"AutoTap 3.1" = AutoTap 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cam Pro Plus Demo" = Cam Pro Plus Demo
"CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408
"CCleaner" = CCleaner
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"Drag2003_is1" = Drag2003 v4.05
"Dyno2003_is1" = Dyno2003 v4.05
"EasyBCD" = EasyBCD 1.7.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v0.9.6.1
"FTDICOMM" = FTDI USB Serial Converter Drivers
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Movavi Video Editor 6" = Movavi Video Editor
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"PowerISO" = PowerISO
"ReValver Mk III_is1" = ReValver Mk III
"SaveVid Plug-in" = SaveVid Plug-in
"SysInfo" = Creative System Information
"TuxGuitar_0" = TuxGuitar 1.2
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2010 4:11:06 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
0x00012aeb.

Error - 10/25/2010 4:11:38 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
0x00012aeb.

Error - 10/25/2010 4:11:41 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
0x00012aeb.

Error - 10/25/2010 4:18:45 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
0x00012aeb.

Error - 10/25/2010 4:18:48 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
0x00012aeb.

Error - 10/25/2010 4:29:13 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 15.0.0.498, faulting module
setup.exe, version 15.0.0.498, fault address 0x000295fe.

Error - 10/29/2010 1:27:32 AM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe,
version 1.0.0.0, fault address 0x00515fa2.

Error - 11/14/2010 9:56:02 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 11/26/2010 2:48:09 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe,
version 1.0.0.0, fault address 0x0052946e.

Error - 12/25/2010 3:13:49 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
Description = Faulting application sysdiag.exe, version 0.0.0.0, faulting module
shlwapi.dll, version 6.0.2900.5512, fault address 0x0000417e.

[ System Events ]
Error - 8/26/2011 12:44:51 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 8/26/2011 12:44:51 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Eset Service service, but
this action failed with the following error: %%1058


< End of report >
ken545
2011-08-26, 19:59
:bigthumb:

All running ok ?
trawa
2011-08-26, 20:07
Seems to be running fine... I guess if you don't see any other issues then it should be good. I guess if I do experience any symptoms then I'll come back, but as for right now... It's good. Thanks for the help! I really appreciate it.
ken545
2011-08-26, 21:47
Great,



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups

Malwarebytes is the free version and yours to keep and will not be removed

Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.php?p=12880&postcount=2



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
trawa
2011-08-27, 04:00
Thanks Ken, Keep up the good work. Much obliged.
ken545
2011-08-27, 10:52
C:\Program Files\uTorrent

Just want to point out that your firewall is allowing access to the above program which means anything you download good or bad will be allowed in, this is most likely how you got infected. Knowing what I know and doing what I do I would never allow any programs of this type on any of my systems, you would be doing yourself a huge favor by uninstalling it and staying away from any type of File Sharing.

http://www.esecurityguy.com/p2p_file_sharing
http://www.fbi.gov/scams-safety/peertopeer
http://www.pbcomp.com.au/dangers-with-peer...c-software.html
http://www.usatoday.com/tech/columnist/kim...ring-woes_x.htm
http://www.ttu.edu/safecomputing/lubbock/recommended/p2p.php


Take care,

Ken