Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

127.0.0.1,icq.rambler.ru


  • This topic is locked This topic is locked
46 replies to this topic

#1 Gravespit

Gravespit

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 02 May 2010 - 09:15 PM

Spyware Doctor detects 127.0.0.1,icq.rambler.ru but I can't find it in the hijackthis log. It will not remove the infection...there were 7 others...named something something myspace I don't remember :\ Hijack removed them though, but this one I can't seem to find. Here's my log.

Oh yeah for the record, I don't even use icq so I have no idea why this would be here...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:11 PM, on 5/2/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\Pixart\PAP7501\GUCI_AVS.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Users\Gravespit\AppData\Local\gwewpgvdl\fftisaqtssd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSWOW64\userinit.exe,
O1 - Hosts: 68.178.151.28 view.atdmt.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AAWTray] C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [iLike] C:\Program Files (x86)\iLike\1.2.16\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files (x86)\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [cqtyglfi] C:\Users\Gravespit\AppData\Local\gwewpgvdl\fftisaqtssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11029 bytes

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Edited by Animal, 02 May 2010 - 10:09 PM.


BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:07:57 AM

Posted 05 May 2010 - 10:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 05 May 2010 - 11:15 PM

It's fine, thanks.

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 06 May 2010 - 07:36 AM

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 06 May 2010 - 06:36 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Since you have 64bit OS please do this...

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* A clear description of the current problems you are experiencing
* What gives you the impression that you have an MBR infection?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 09 May 2010 - 08:39 PM

Sorry for my delay, and thank you for re-opening. Better safe than sorry.

Since I removed the fake anti-malware program that I had at one point, I haven't had any actual noticeable "problems", but PC Tools Spyware Doctor detects "127.0.0.1,icq.rambler.ru" and it won't remove it. Just curious to know what it is and if it could be potentially hazardous..and how to remove it if necessary. Oh, one problem that has just popped up though...my desktop does not auto refresh. If I delete something it remains until I force a refresh. Or parts of a download still show after completion. ie the "part" files and so forth.

MBR Problem = Nod32 Antivirus 4 shows this in my Log File > Name: MBR sector of the 1. physical disk Threat: Win32/Mebroot.mbr trojan Action: unable to clean
Also - Scanner: Startup scanner Object: boot sector > ...if that's relevant.


OTL logfile created on: 5/9/2010 8:36:59 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Gravespit\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 116.22 Gb Free Space | 49.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 374.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAVESPIT-PC
Current User Name: Gravespit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/09 20:35:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Gravespit\Desktop\OTL.exe
PRC - [2010/05/09 20:10:57 | 000,368,640 | ---- | M] (Image-Line ) -- C:\Users\Gravespit\AppData\Local\Temp\mrt1042.tmp\stdrt.exe
PRC - [2010/04/28 21:50:02 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010/04/02 00:00:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 02:38:14 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/03/28 09:24:02 | 002,340,784 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2010/03/24 02:11:48 | 002,781,184 | ---- | M] (PowerUp Software, LLC) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe
PRC - [2010/01/22 03:56:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/16 03:35:41 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/14 10:49:26 | 000,782,117 | ---- | M] (Image-Line ) -- C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/20 06:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/03 16:19:38 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/06/03 16:14:24 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/02/23 15:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 19:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\PAP7501\GUCI_AVS.exe
PRC - [2007/08/27 16:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/08 17:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\AAWTray.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 20:35:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Gravespit\Desktop\OTL.exe
MOD - [2010/03/28 09:24:12 | 000,206,768 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps32.dll
MOD - [2009/07/20 06:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 06:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/25 01:11:22 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/11/16 09:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/20 14:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 03:56:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/01/16 03:35:41 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/14 06:20:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/14 05:48:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/01/04 23:18:16 | 000,413,696 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/23 15:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/27 16:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/01/19 08:28:13 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2010/01/14 19:11:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/18 15:02:26 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/16 09:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/11/16 08:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 18:29:44 | 001,561,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/06/03 18:29:32 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/06/03 18:29:24 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/06/03 18:29:14 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/06/03 18:29:06 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/06/03 18:28:56 | 000,685,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/06/03 18:28:46 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/03 18:28:36 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/06/03 18:28:36 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/06/03 18:28:20 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009/06/03 18:28:20 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/06/03 18:28:12 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009/06/03 18:28:12 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/04/08 18:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/27 05:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/03/31 16:42:48 | 000,614,272 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2008/02/18 18:20:12 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2010/01/13 18:14:47 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/01/31 16:01:18 | 000,141,312 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\GUCI_AVS.ax -- (GUCI_AVS)
DRV - [2007/08/07 15:58:08 | 000,008,320 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - [2007/08/07 15:56:58 | 000,009,344 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2007/07/11 16:37:26 | 000,006,272 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 58 8B BD 9E 94 CA 01 [binary data]
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/01 13:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/01 13:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/03 13:32:03 | 000,000,000 | ---D | M]

[2010/01/14 05:42:44 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Mozilla\Extensions
[2010/05/09 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Mozilla\Firefox\Profiles\wm1r0ab2.default\extensions
[2010/04/26 10:18:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gravespit\AppData\Roaming\Mozilla\Firefox\Profiles\wm1r0ab2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/09 00:37:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gravespit\AppData\Roaming\Mozilla\Firefox\Profiles\wm1r0ab2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/14 19:12:22 | 000,002,055 | ---- | M] () -- C:\Users\Gravespit\AppData\Roaming\Mozilla\Firefox\Profiles\wm1r0ab2.default\searchplugins\daemon-search.xml
[2010/05/09 19:36:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/30 02:38:13 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/05/02 22:03:25 | 000,374,759 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 68.178.151.28 view.atdmt.com
O1 - Hosts: 127.0.0.1 www.intuneads.com
O1 - Hosts: 127.0.0.1 www.freemusic123.com
O1 - Hosts: 127.0.0.1 www.cifras.com.br
O1 - Hosts: 127.0.0.1 www.gshome.com
O1 - Hosts: 127.0.0.1 www.all-midi.com
O1 - Hosts: 127.0.0.1 www.directtabs.com
O1 - Hosts: 127.0.0.1 hg1.hitbox.com
O1 - Hosts: 127.0.0.1 ad.harmony-central.com
O1 - Hosts: 127.0.0.1 cdn1.tribalfusion.com
O1 - Hosts: 127.0.0.1 isg01.casalemedia.com
O1 - Hosts: 127.0.0.1 isg02.casalemedia.com
O1 - Hosts: 127.0.0.1 isg03.casalemedia.com
O1 - Hosts: 127.0.0.1 isg04.casalemedia.com
O1 - Hosts: 127.0.0.1 isg05.casalemedia.com
O1 - Hosts: 127.0.0.1 isg06.casalemedia.com
O1 - Hosts: 127.0.0.1 isg07.casalemedia.com
O1 - Hosts: 127.0.0.1 isg08.casalemedia.com
O1 - Hosts: 127.0.0.1 isg09.casalemedia.com
O1 - Hosts: 127.0.0.1 isg10.casalemedia.com
O1 - Hosts: 127.0.0.1 isg11.casalemedia.com
O1 - Hosts: 127.0.0.1 isg12.casalemedia.com
O1 - Hosts: 127.0.0.1 isg14.casalemedia.com
O1 - Hosts: 12905 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PAP7501_Monitor] C:\Windows\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [AAWTray] C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [cqtyglfi] C:\Users\Gravespit\AppData\Local\gwewpgvdl\fftisaqtssd.exe File not found
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [DS3 Tool] C:\Program Files (x86)\MotioninJoy\ds3\DS3_Tool.exe File not found
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [iLike] C:\Program Files (x86)\iLike\1.2.16\ilikesidebar.exe (iLike)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [Pinnacle Game Profiler] C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe (PowerUp Software, LLC)
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 22:01:40 | 001,081,344 | R--- | M] () - F:\AutoPlay.exe -- [ CDFS ]
O32 - AutoRun File - [2006/02/21 22:03:50 | 000,002,182 | R--- | M] () - F:\autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2006/03/01 15:19:08 | 000,000,954 | R--- | M] () - F:\AutoPlay.ucs -- [ CDFS ]
O32 - AutoRun File - [2006/02/16 13:22:34 | 000,576,056 | R--- | M] () - F:\AutoRun.bmp -- [ CDFS ]
O32 - AutoRun File - [2005/12/14 15:51:16 | 000,000,049 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{4b87b6a7-26e3-11df-b11f-001aa0c17f06}\Shell - "" = AutoRun
O33 - MountPoints2\{4b87b6a7-26e3-11df-b11f-001aa0c17f06}\Shell\AutoRun\command - "" = D:\Support\AutoRun\AutoRun.exe -- File not found
O33 - MountPoints2\{fa429b6b-0090-11df-8a6b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa429b6b-0090-11df-8a6b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -- [2006/02/21 22:01:40 | 001,081,344 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\SysWow64\lsdelete.exe ()
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: aawservice - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37801538-E5B3-3F0F-F00E-52851CE0AC2C} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4971919C-73E1-0680-5DA5-BDA0CFEC0603} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux5 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux6 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux7 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux8 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux9 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi6 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi7 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi8 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi9 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer6 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer7 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer8 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer9 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave6 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave7 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave8 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave9 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/09 20:35:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Gravespit\Desktop\OTL.exe
[2010/05/09 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\Desktop\MARS NEEDS WOMEN mp3_95bpm
[2010/05/03 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Local\ESET
[2010/05/03 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\ESET
[2010/05/03 11:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/02 22:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/05/02 19:45:10 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/05/02 19:17:05 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/05/02 19:17:05 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/05/02 19:17:03 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/05/02 19:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/05/02 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\PC Tools
[2010/05/02 19:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/05/02 19:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/05/02 19:01:21 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Local\Threat Expert
[2010/05/02 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\iolo
[2010/05/02 11:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2010/05/02 10:51:19 | 000,039,424 | ---- | C] (NirSoft) -- C:\Windows\zipinst.exe
[2010/05/02 10:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IconsExtract
[2010/05/02 10:24:37 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\D-Fend Reloaded
[2010/05/02 10:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D-Fend Reloaded
[2010/05/02 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.73
[2010/05/01 18:49:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/01 18:41:45 | 003,119,440 | ---- | C] (ESET) -- C:\Users\Gravespit\Desktop\SysInspector 64-bit.exe
[2010/05/01 17:17:23 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\2D6287441925A2F00056D280B060C4AA
[2010/05/01 15:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne
[2010/05/01 15:31:06 | 000,000,000 | ---D | C] -- C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP
[2010/05/01 12:20:33 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/05/01 09:59:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/05/01 09:59:39 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/05/01 09:59:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/05/01 09:59:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/05/01 09:59:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/05/01 09:56:42 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/04/29 16:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/04/29 16:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/04/29 16:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/04/29 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/04/28 21:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Local\DNA
[2010/04/28 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\DNA
[2010/04/28 21:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA
[2010/04/28 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\Silverlode Interactive
[2010/04/28 20:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saga
[2010/04/28 17:12:45 | 000,614,272 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysNative\drivers\GUCI_AVS.sys
[2010/04/28 17:12:45 | 000,009,216 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\COINST.dll
[2010/04/28 17:12:44 | 000,141,312 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\GUCI_AVS.ax
[2010/04/28 17:12:44 | 000,000,000 | ---D | C] -- C:\Windows\Pixart
[2010/04/28 17:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyLife Notebook Webcam
[2010/04/28 03:49:35 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/04/28 03:49:34 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 03:49:34 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/27 21:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Edash
[2010/04/27 21:46:18 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/27 21:36:11 | 000,059,392 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2010/04/27 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abandoned Castle Studios
[2010/04/26 15:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samu Games
[2010/04/26 10:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2010/04/26 10:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/22 22:03:08 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2010/04/22 09:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2010/04/22 09:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/04/20 08:46:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Log
[2010/04/20 08:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GodsWar Online
[2010/04/20 07:18:21 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/20 07:18:21 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\app
[2010/04/20 07:18:17 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/20 07:18:17 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\Dofus 2
[2010/04/20 04:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wonderland Online
[2010/04/17 04:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2010/04/17 04:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/04/16 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razor
[2010/04/15 03:55:48 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\Documents\ConnectUO
[2010/04/15 03:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConnectUO 2.0
[2010/04/13 22:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Games
[2010/04/13 21:30:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/13 21:30:09 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/13 21:29:50 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/13 21:29:50 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/13 21:29:49 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/13 21:29:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/13 21:29:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/13 21:29:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/13 21:29:02 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/13 06:12:07 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2010/04/13 06:08:52 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Local\TempDIR
[2010/04/13 06:01:53 | 000,000,000 | ---D | C] -- C:\ijji
[2010/04/13 05:44:23 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\ijjigame
[2010/04/13 04:42:14 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Local\Outspark
[2010/04/13 03:43:46 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\MotioninJoy
[2010/04/13 03:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2029
[2010/04/13 03:31:34 | 000,430,080 | ---- | C] (Nathan Lewis <nlewis@programmer.net>) -- C:\Windows\SysWow64\cmcs21.ocx
[2010/04/13 03:31:34 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2010/04/13 03:31:34 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2010/04/13 03:31:34 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomm32.ocx
[2010/04/13 03:12:07 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\Documents\Secret of the Solstice
[2010/04/13 03:12:07 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\Secret of the Solstice
[2010/04/13 02:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lizard Interactive
[2010/04/13 01:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MotioninJoy
[2010/04/12 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\Documents\EA Games
[2010/04/11 21:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dofus 2
[2010/04/11 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/11 01:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010/04/10 23:35:33 | 000,000,000 | ---D | C] -- C:\Games
[2010/04/10 07:20:59 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\Documents\Dragonica
[2010/04/10 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Gravespit\AppData\Roaming\DragonicaSCB
[2010/04/10 06:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IAHGames
[2010/04/10 05:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outspark
[2010/04/10 05:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elf Online
[2010/04/10 04:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illutia
[2009/06/03 16:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/09 20:44:03 | 007,077,888 | -HS- | M] () -- C:\Users\Gravespit\ntuser.dat
[2010/05/09 20:35:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Gravespit\Desktop\OTL.exe
[2010/05/09 00:51:27 | 000,000,747 | ---- | M] () -- C:\Windows\win.ini
[2010/05/08 18:04:20 | 000,026,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/08 18:04:20 | 000,026,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/08 17:58:02 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2010/05/08 17:58:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/08 17:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/08 17:57:45 | 1608,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 16:31:58 | 000,003,630 | ---- | M] () -- C:\Users\Gravespit\Desktop\Attach.rar
[2010/05/06 16:28:13 | 000,525,824 | ---- | M] () -- C:\Users\Gravespit\Desktop\dds.scr
[2010/05/06 16:15:50 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/05/06 16:15:50 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/05/06 16:15:50 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/05/06 16:15:03 | 001,891,836 | -H-- | M] () -- C:\Users\Gravespit\AppData\Local\IconCache.db
[2010/05/06 00:20:30 | 000,057,952 | ---- | M] () -- C:\Users\Gravespit\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/04 15:04:10 | 000,024,552 | ---- | M] () -- C:\Users\Gravespit\Desktop\images.jpg
[2010/05/03 03:31:18 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2010/05/02 22:03:25 | 000,374,759 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/05/02 22:00:01 | 000,002,097 | ---- | M] () -- C:\Users\Gravespit\Desktop\HijackThis.lnk
[2010/05/02 19:45:18 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/02 12:22:37 | 000,002,037 | ---- | M] () -- C:\Users\Gravespit\Desktop\Warcraft II.lnk
[2010/05/02 12:22:33 | 000,002,065 | ---- | M] () -- C:\Users\Gravespit\Desktop\Warcraft.lnk
[2010/05/02 11:15:54 | 000,002,496 | ---- | M] () -- C:\Windows\SysWow64\settings.aaw
[2010/05/02 11:15:54 | 000,000,976 | ---- | M] () -- C:\Windows\SysWow64\history.aaw
[2010/05/02 11:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TMContainer00000000000000000002.regtrans-ms
[2010/05/02 11:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TMContainer00000000000000000001.regtrans-ms
[2010/05/02 11:15:38 | 000,065,536 | -HS- | M] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TM.blf
[2010/05/02 11:05:36 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2010/05/02 10:51:34 | 000,001,083 | ---- | M] () -- C:\Users\Gravespit\Desktop\IconsExtract.lnk
[2010/05/02 10:51:19 | 000,039,424 | ---- | M] (NirSoft) -- C:\Windows\zipinst.exe
[2010/05/02 10:24:58 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2010/05/01 18:43:04 | 003,119,440 | ---- | M] (ESET) -- C:\Users\Gravespit\Desktop\SysInspector 64-bit.exe
[2010/05/01 17:20:35 | 000,275,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/01 09:59:39 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/30 22:27:32 | 000,000,021 | ---- | M] () -- C:\Windows\COMPASS.INI
[2010/04/29 16:12:33 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2010/04/27 03:56:52 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/04/27 03:56:52 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/26 15:46:44 | 000,001,156 | ---- | M] () -- C:\Users\Gravespit\Desktop\Artifact.lnk
[2010/04/26 10:40:34 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010/04/26 10:31:47 | 606,124,944 | ---- | M] () -- C:\Users\Gravespit\War_Rock_20100331.exe
[2010/04/26 10:18:30 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/20 07:25:54 | 000,001,604 | ---- | M] () -- C:\Users\Gravespit\Desktop\Atlantica Online.lnk
[2010/04/20 07:23:38 | 000,000,008 | ---- | M] () -- C:\Users\Gravespit\AppData\Roaming\DofusAppId0_2
[2010/04/20 07:18:17 | 000,000,177 | ---- | M] () -- C:\Users\Gravespit\AppData\Roaming\D2Info0
[2010/04/17 04:54:47 | 001,273,140 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/17 04:54:47 | 000,623,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/17 04:54:47 | 000,441,722 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2010/04/17 04:54:47 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/17 04:54:47 | 000,083,626 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2010/04/12 03:04:39 | 000,001,683 | ---- | M] () -- C:\Users\Gravespit\Desktop\La Tale.lnk
[2010/04/10 00:45:50 | 000,014,379 | ---- | M] () -- C:\Users\Gravespit\Desktop\WK Priest.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/06 16:31:58 | 000,003,630 | ---- | C] () -- C:\Users\Gravespit\Desktop\Attach.rar
[2010/05/06 16:22:52 | 000,525,824 | ---- | C] () -- C:\Users\Gravespit\Desktop\dds.scr
[2010/05/04 14:56:46 | 000,024,552 | ---- | C] () -- C:\Users\Gravespit\Desktop\images.jpg
[2010/05/03 03:31:18 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2010/05/02 22:00:01 | 000,002,097 | ---- | C] () -- C:\Users\Gravespit\Desktop\HijackThis.lnk
[2010/05/02 19:45:12 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/02 19:45:10 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/05/02 19:17:05 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/05/02 19:17:03 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/05/02 12:21:00 | 000,002,037 | ---- | C] () -- C:\Users\Gravespit\Desktop\Warcraft II.lnk
[2010/05/02 12:10:59 | 000,002,065 | ---- | C] () -- C:\Users\Gravespit\Desktop\Warcraft.lnk
[2010/05/02 11:05:36 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/05/02 10:51:34 | 000,001,083 | ---- | C] () -- C:\Users\Gravespit\Desktop\IconsExtract.lnk
[2010/05/02 10:24:58 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2010/05/01 22:49:38 | 000,524,288 | -HS- | C] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TMContainer00000000000000000002.regtrans-ms
[2010/05/01 22:49:38 | 000,524,288 | -HS- | C] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 22:49:38 | 000,065,536 | -HS- | C] () -- C:\Users\Gravespit\ntuser.dat{a4709822-5593-11df-91e6-001aa0c17f06}.TM.blf
[2010/05/01 09:59:39 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/04/29 16:12:33 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2010/04/28 17:12:45 | 000,002,007 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2010/04/26 16:58:42 | 000,000,021 | ---- | C] () -- C:\Windows\COMPASS.INI
[2010/04/26 15:46:44 | 000,001,156 | ---- | C] () -- C:\Users\Gravespit\Desktop\Artifact.lnk
[2010/04/26 10:40:34 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010/04/26 10:26:04 | 606,124,944 | ---- | C] () -- C:\Users\Gravespit\War_Rock_20100331.exe
[2010/04/26 10:18:30 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/20 07:25:54 | 000,001,604 | ---- | C] () -- C:\Users\Gravespit\Desktop\Atlantica Online.lnk
[2010/04/20 07:18:17 | 000,000,177 | ---- | C] () -- C:\Users\Gravespit\AppData\Roaming\D2Info0
[2010/04/20 07:18:17 | 000,000,008 | ---- | C] () -- C:\Users\Gravespit\AppData\Roaming\DofusAppId0_2
[2010/04/17 04:54:45 | 001,273,140 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/10 23:35:54 | 000,001,683 | ---- | C] () -- C:\Users\Gravespit\Desktop\La Tale.lnk
[2010/04/10 05:54:05 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/04/10 05:54:05 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/04/09 02:00:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/03/30 21:06:51 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2010/03/30 21:06:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2010/03/30 21:06:51 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2010/03/08 02:13:21 | 000,000,291 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/01/14 05:47:45 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/01/14 05:47:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/03 17:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/03 17:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/06/03 16:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/05/27 05:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2009/05/26 14:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[1997/09/20 09:25:00 | 000,001,945 | ---- | C] () -- C:\Windows\winnmd.sys

========== LOP Check ==========

[2010/05/03 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\2D6287441925A2F00056D280B060C4AA
[2010/04/20 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\app
[2010/03/14 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Bioshock2
[2010/01/14 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DAEMON Tools Lite
[2010/05/09 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DNA
[2010/04/20 07:19:17 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Dofus 2
[2010/04/20 07:18:18 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/10 07:17:24 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DragonicaSCB
[2010/05/03 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ESET
[2010/04/13 05:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ijjigame
[2010/04/07 05:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\iLike
[2010/01/14 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ImgBurn
[2010/05/02 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\iolo
[2010/01/19 08:40:01 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Leadertech
[2010/05/01 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/04/13 03:43:46 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\MotioninJoy
[2010/03/30 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\PowerUp Software
[2010/04/20 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/13 03:12:07 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Secret of the Solstice
[2010/04/28 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Silverlode Interactive
[2010/04/02 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\TuneUp Software
[2010/05/07 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\uTorrent
[2009/07/14 01:08:49 | 000,031,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/05/03 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\2D6287441925A2F00056D280B060C4AA
[2010/02/06 05:53:37 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\AccurateRip
[2010/04/11 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Adobe
[2010/04/20 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\app
[2010/03/14 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Bioshock2
[2010/02/22 18:20:02 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Creative
[2010/01/14 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DAEMON Tools Lite
[2010/05/09 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DNA
[2010/04/20 07:19:17 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Dofus 2
[2010/04/20 07:18:18 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/10 07:17:24 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DragonicaSCB
[2010/02/11 18:35:14 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\DVD Flick
[2010/05/03 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ESET
[2010/01/13 18:20:26 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Identities
[2010/04/13 05:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ijjigame
[2010/04/07 05:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\iLike
[2010/01/14 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\ImgBurn
[2010/03/25 23:31:52 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\InstallShield
[2010/05/02 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\iolo
[2010/01/19 08:40:01 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Leadertech
[2010/01/19 08:40:05 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Logitech
[2010/05/01 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/01/14 05:42:22 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Macromedia
[2009/07/14 03:45:14 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Media Center Programs
[2010/04/15 03:23:35 | 000,000,000 | --SD | M] -- C:\Users\Gravespit\AppData\Roaming\Microsoft
[2010/04/13 03:43:46 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\MotioninJoy
[2010/01/14 05:42:44 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Mozilla
[2010/05/02 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\PC Tools
[2010/03/30 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\PowerUp Software
[2010/04/20 07:18:21 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/13 03:12:07 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Secret of the Solstice
[2010/04/28 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Silverlode Interactive
[2010/04/02 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\TuneUp Software
[2010/05/07 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\uTorrent
[2010/01/14 07:25:48 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\WinRAR
[2010/01/14 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\Gravespit\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2009/10/15 16:53:46 | 034,101,504 | ---- | M] (PC Tools ) -- C:\Users\Gravespit\AppData\Roaming\sdsetup.exe
[2010/04/13 06:17:42 | 1292,433,312 | ---- | M] () -- C:\Users\Gravespit\AppData\Roaming\ijjigame\U_LUNIA_setup.exe
[2010/04/26 17:06:36 | 019,552,856 | ---- | M] (iolo technologies, LLC ) -- C:\Users\Gravespit\AppData\Roaming\iolo\Installers\SystemMechanic.exe
[2010/04/11 20:59:56 | 000,038,784 | ---- | M] () -- C:\Users\Gravespit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/25 08:50:57 | 000,010,134 | R--- | M] () -- C:\Users\Gravespit\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 264 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >



OTL Extras logfile created on: 5/9/2010 8:36:59 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Gravespit\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 116.22 Gb Free Space | 49.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 374.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAVESPIT-PC
Current User Name: Gravespit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{57B012C9-5EAD-441B-9925-6B560B543D87}" = ESET NOD32 Antivirus
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{016B44E3-9B6D-49B8-9CA3-B34B7545CEC1}" = O+
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB03}" = La Tale
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0C00B30B-7AC7-47D5-A72D-98B9E7B96349}" = S4 League_EU
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3E5F43C6-4DF2-49F4-AE2C-0E29CA6B9887}" = iLike Sidebar
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83729FE3-6785-476A-91F1-312D427B4522}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD7ED64-30C5-4FDC-8DCF-6FAFA518BD1F}" = MyLife Notebook Webcam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Artifact_is1" = Artifact 2
"ASIO4ALL" = ASIO4ALL
"Atlantica Online" = Atlantica Online
"AudioCS" = Creative Audio Control Panel
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"D-Fend Reloaded" = D-Fend Reloaded 0.9.3 (deinstall)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EarMaster School 5_is1" = EarMaster School 5
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GamersFirst War Rock" = War Rock
"GuitarFX 3" = GuitarFX 3
"HijackThis" = HijackThis 2.0.2
"IconsExtract" = IconsExtract
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.1
"Sakura" = Sakura
"Sawer" = Sawer
"SFBM" = SoundFont Bank Manager
"Spyware Doctor" = Spyware Doctor 7.0
"Toxic Biohazard" = Toxic Biohazard
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3705480834-3563326570-2824741144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2010 12:38:10 PM | Computer Name = Gravespit-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pctsSvc.exe, version: 7.0.0.105, time stamp:
0x4b9d9059 Faulting module name: rtl100.bpl, version: 11.0.2902.10471, time stamp:
0x475fc385 Exception code: 0xc0000005 Fault offset: 0x0000ebe5 Faulting process id:
0x944 Faulting application start time: 0x01caead7a3a44340 Faulting application path:
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe Faulting module path: C:\Program
Files (x86)\Spyware Doctor\rtl100.bpl Report Id: 420113e0-56d2-11df-9f1c-001aa0c17f06

Error - 5/3/2010 12:41:26 PM | Computer Name = Gravespit-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: smum32.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4b85aea8 Exception code: 0xc0000005 Fault offset: 0x6e999aa0 Faulting process
id: 0x5bc Faulting application start time: 0x01caead7a1b11e00 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: smum32.dll Report Id:
b69262e0-56d2-11df-9f1c-001aa0c17f06

Error - 5/3/2010 7:21:14 PM | Computer Name = Gravespit-PC | Source = Application Error | ID = 1000
Description = Faulting application name: YahooMessenger.exe, version: 10.0.0.1258,
time stamp: 0x4ba415d4 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927,
time stamp: 0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00008aa0 Faulting
process id: 0x7b8 Faulting application start time: 0x01caeae22ea39f40 Faulting application
path: C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe Faulting module
path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 90a852a0-570a-11df-904a-001aa0c17f06

Error - 5/4/2010 4:02:54 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/4/2010 4:06:46 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/7/2010 1:20:25 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/7/2010 1:24:28 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/7/2010 6:58:24 PM | Computer Name = Gravespit-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3743 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1134 Start
Time: 01caee2ccfa5c600 Termination Time: 18 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 07aaa911-5a2c-11df-9424-001aa0c17f06

Error - 5/9/2010 1:21:32 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/9/2010 1:25:15 AM | Computer Name = Gravespit-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 5/3/2010 2:05:49 PM | Computer Name = Gravespit-PC | Source = Service Control Manager | ID = 7000
Description = The Ad-Watch Registry Kernel Filter service failed to start due to
the following error: %%1275

Error - 5/3/2010 2:05:50 PM | Computer Name = Gravespit-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\NSDriver.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 5/3/2010 2:05:50 PM | Computer Name = Gravespit-PC | Source = Service Control Manager | ID = 7000
Description = The Ad-Watch Connect Kernel Filter service failed to start due to
the following error: %%1275

Error - 5/3/2010 2:05:50 PM | Computer Name = Gravespit-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\NSDriver.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 5/3/2010 2:05:50 PM | Computer Name = Gravespit-PC | Source = Service Control Manager | ID = 7000
Description = The Ad-Watch Connect Kernel Filter service failed to start due to
the following error: %%1275

Error - 5/5/2010 6:28:52 AM | Computer Name = Gravespit-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/6/2010 4:16:12 PM | Computer Name = Gravespit-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:15:27 PM on ?5/?6/?2010 was unexpected.

Error - 5/6/2010 4:17:08 PM | Computer Name = Gravespit-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/8/2010 5:57:48 PM | Computer Name = Gravespit-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:30:03 PM on ?5/?8/?2010 was unexpected.

Error - 5/8/2010 5:58:42 PM | Computer Name = Gravespit-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >










#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 09 May 2010 - 09:44 PM

Hello,

Mbr rootkit infection in a 64 bit OS are very unlikely but certainly possible. It may be a false alarm.....

==========

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

QUOTE
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

==========

excl.gif P2P Warning excl.gif

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Download Sophos Anti-rootkit & save it to your desktop.
Be sure to read the Sophos Anti-Rookit User Manual. A copy of this manual sarman.pdf can also be found inside the program folder after installation.
  • Double-click sarsfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click "Start scan".
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will be done when you restart your computer. Click "Restart Now".
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Note: If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\S-1-5-21-3705480834-3563326570-2824741144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    O1 - Hosts: 68.178.151.28 view.atdmt.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O32 - AutoRun File - [2006/02/21 22:01:40 | 001,081,344 | R--- | M] () - F:\AutoPlay.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/02/21 22:03:50 | 000,002,182 | R--- | M] () - F:\autoplay.ini -- [ CDFS ]
    O32 - AutoRun File - [2006/03/01 15:19:08 | 000,000,954 | R--- | M] () - F:\AutoPlay.ucs -- [ CDFS ]
    O32 - AutoRun File - [2006/02/16 13:22:34 | 000,576,056 | R--- | M] () - F:\AutoRun.bmp -- [ CDFS ]
    O32 - AutoRun File - [2005/12/14 15:51:16 | 000,000,049 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
    O33 - MountPoints2\{4b87b6a7-26e3-11df-b11f-001aa0c17f06}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b87b6a7-26e3-11df-b11f-001aa0c17f06}\Shell\AutoRun\command - "" = D:\Support\AutoRun\AutoRun.exe -- File not found
    O33 - MountPoints2\{fa429b6b-0090-11df-8a6b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa429b6b-0090-11df-8a6b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -- [2006/02/21 22:01:40 | 001,081,344 | R--- | M] ()
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 264 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* MBAM log
* Sarscan log
* OTL fix log
* What problems remain? Still get the PCTools warning? How about the ESET Mebroot warning?

Kind regards,
~t


Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 11 May 2010 - 05:24 PM

Very impressive, first of all. Thank you.

I'm sorry I've lost my OTL log...it seemed to have got the job done though. The only problem was that on reboot my computer tried to run the Soundmax (I don't remember exactly what it was called) program and couldn't find it because you had it removed I think. I then ran Spyware Doctor to see if the problem was still there, like you asked....and it found 4 problems with the registry including the soundmax thing and repaired them. Just blank registry entries from what you had removed I suppose. Sorry if I wasn't supposed to do that.

So now icq,rambler is gone, everything is running very well, BUT Nod32 does still detects the MBR infection, which as you said I think may be false but I would have no idea of knowing.

Here are the other 2 logs you requested.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4090

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/11/2010 4:51:56 PM
mbam-log-2010-05-11 (16-51-56).txt

Scan type: Quick scan
Objects scanned: 117227
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cqtyglfi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Gravespit\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.



Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 5/11/2010 at 16:38:24 PM
User "Gravespit" on computer "GRAVESPIT-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Stopped logging on 5/11/2010 at 16:40:03 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 5/11/2010 at 16:58:03 PM
User "Gravespit" on computer "GRAVESPIT-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Gravespit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB5H8WA4\uTgAC6nJ%2FB%3Da5JeSGKImoM-%2FJ%3D1273542968777909%2FK%3DwVTBohrWcQZf_1yjYQwNqw%2FA%3D5758436%2FR%3D0%2F%2A%24,http%3A%2F%2Fe.yimg.com%2Fii%2Fslap_proxy_1[1].htm
Hidden: file C:\Users\Gravespit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQUI7K4C\TqEACeAf%2FB%3DEEMcR2KImnM-%2FJ%3D1273515681662950%2FK%3DjGF8BwKoxgl1KJrxA1DSOA%2FA%3D5758436%2FR%3D0%2F%2A%24,http%3A%2F%2Fe.yimg.com%2Fii%2Fslap_proxy_1[1].htm
Hidden: file C:\Users\Gravespit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB5H8WA4\A%3D5756474%2FR%3D0%2F%2A%24,http%3A%2F%2Fchat.yahoo.com%2Fc%2Fadmsg[1].html%3Fspaceid%3D1635848695%26adpos%3Dn%26intl%3Dus%26ts%3D1273543047665,;ord=1273543041
Hidden: file C:\Users\Gravespit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB5H8WA4\eBgACRJz%2FB%3Dt25MQGKIml0-%2FJ%3D1273264152640139%2FK%3D6R0rssekn7dI.QbXjYDhZA%2FA%3D5758436%2FR%3D0%2F%2A%24,http%3A%2F%2Fe.yimg.com%2Fii%2Fslap_proxy_1[1].htm
Stopped logging on 5/11/2010 at 17:58:44 PM



#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 11 May 2010 - 08:23 PM

Yikes!!

A first time for everything! TDSS rootkit in a 64 bit OS. Not a typical situation.

Windows7

First, you must verify that you can access the Windows7 Recovery Environment.
To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Windows7 installation dvd and restart, then press any key when prompted to boot from the cd.
At the Install Windows screen, select Repair your computer. (image below)



Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.



Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below




At the D:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit then restart your computer and logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

==========

Open MBAM, update it, then re-run it and post another log.

==========

With your next post please provide:

* Looklog.txt
* MBAM log
* What problems persist?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 11 May 2010 - 09:02 PM

Nod32 still shows the mbr infection.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4090

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/11/2010 10:07:25 PM
mbam-log-2010-05-11 (22-07-25).txt

Scan type: Quick scan
Objects scanned: 116914
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Run from C:\Users\Gravespit\Desktop\maxlook.exe on Tue 05/11/2010 at 22:01:49.35

No infected file found

AWRTPD.sys has gone missing!
AWRTRD.sys has gone missing!
mbamswissarmy.sys has gone missing!
NSDriver.sys has gone missing!

Edited by Gravespit, 11 May 2010 - 09:13 PM.


#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 11 May 2010 - 09:16 PM

It went very right! cool.gif


  • Press
  • Copy and paste the green bolded in the search box and press enter.
    maxlook -sig
  • Post the resultant log.
Please note you must have an active internet connection for this to work

==========

Kind regards,
~t


Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 11 May 2010 - 09:41 PM

CODE
Run from C:\Users\Gravespit\Desktop\maxlook.exe on Tue 05/11/2010 at 22:40:50.25

--------- maxlook unsigned files ---------

No matching files were found.


--------- system32\drivers unsigned files ---------

No matching files were found.



AWRTPD.sys has gone missing!


AWRTRD.sys has gone missing!


mbamswissarmy.sys has gone missing!


NSDriver.sys has gone missing!




Sorry, you didn't tell me to do this but Nod32 shows 3 infections, 0 cleansed.

Scan Log
Version of virus signature database: 5106 (20100511)
Date: 5/11/2010 Time: 10:46:21 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
MBR sector of the 1. physical disk - Win32/Mebroot.mbr trojan - action selection postponed until scan completion
Number of threats found: 3
Number of cleaned objects: 0

Edited by Gravespit, 12 May 2010 - 03:28 AM.


#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 12 May 2010 - 08:50 PM

Hi,

The Maxlook scan is clean.

This might be a false alarm.
QUOTE
MBR sector of the 1. physical disk - Win32/Mebroot.mbr trojan


This might be in the inactive Sector. The bootable sector is typically 0. See here for more info.
http://74.86.201.210/showpost.php?p=1435750&postcount=6

One of the problems we face is thet applications that will readily detect a Mbr rootkit (Mbr.exe and Gmer.exe) are incompatibly with a 64 bit OS. So it is very difficult to determine if the actual boot sector is infected.

I have given it quite a bit of thought and I think the safest alternative is to fix the Mbr as if it truly is infected!

==========
  • Re-boot into the Windows 7 Recovery Environment by way of the "F8/Repair your computer" method
  • Select your Windows 7 OS and press "Next"
  • Select "Command Prompt"
  • Type bootrec.exe /fixmbr and press Enter

==========

Boot into normal Windows and run Nod32 and post the log detections.

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 Gravespit

Gravespit
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 13 May 2010 - 12:57 AM

It detects nothing now. You're a wizard man, masterful work. thumbup2.gif

*EDIT* Whoops! I didn't full scan...It generally detects this particular virus on it's start-up scan, but as of 1:04pm today it's just detected it again. That's fine thought I'm sure it leads you to your next conclusion...this is fun :D Interesting note, don't know if it means anything, but sometimes it detects it in under my PC-User name, sometimes that area is blank. Don't know if that has any relevance.

Edited by Gravespit, 13 May 2010 - 12:09 PM.


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 AM

Posted 13 May 2010 - 12:59 PM

Well done. thumbup2.gif

Yes. I am thinking false alarm now. I really would like you to export the most recent detection to text and post it.

==========

Also please clarify this.
QUOTE
Interesting note, don't know if it means anything, but sometimes it detects it in under my PC-User name, sometimes that area is blank.

I am not sure what you mean.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

With your next post please provide:

* Nod log
* Clarification
* ESET log
* What problems remain?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users