Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect randomness.


  • This topic is locked This topic is locked
13 replies to this topic

#1 NegSeven

NegSeven

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 30 September 2010 - 06:51 PM

Im new here so first I'd like to say Hi, and Thank you all. You've solved so many of my problem long before I've ever had to post.

But here we go. 3 Desktops, 2 laptops. All with the same problem.

Main PC is this one, the one I'll be posting everything from. I've tried 5 different web browsers and they all get the same redirects to 77.78.201.155, dont go there btw or other such random IP sites. Its a fake virus scan that tries to get you to DL an INST.EXE, I had it scanned with 8 separate viruses.

None of my computers have been crazy enough to DL it, furthermore all of my PCs have different uses/users. Rarely do we cross the same webpage, we share a network but none use network sharing, the most you can do is see the PCs, zero access. All running up to date antivirus, firewall, registry cleaners. Malwarebytes finds nothing, Avast! finds nothing, ASO finds nothing, ESET online scan finds nothing.

I did find alittle info about it tho. http://blog.lionic.com/index.php?op=ViewAr...29&blogId=1

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:48:58 PM, on 9/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Advanced System Optimizer 3\systemprotector.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Flock\flock.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kravex\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFF323F6-16C8-440A-9346-4E43C50BA151}: NameServer = 213.109.65.137,213.109.72.205,1.1.1.1
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DESKTO~1.DLL
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5644 bytes

Again, thank you. If there's anything else you need please feel free to ask.

Sorry for being in the wrong spot, thank you for the move.

Edited by NegSeven, 30 September 2010 - 07:45 PM.
Moved from AII ~BP


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 05 October 2010 - 06:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 05 October 2010 - 12:39 PM

It's been random, but since posting here the problem seems to have gone away, usually it was 2-3 times a day, at random, any web page would redirect to the fake virus scan. I've scanned with every application i have. Never found the cause. Afew days after my post here it's stopped all together.

Of coarse that isnt to say it wont start again. It's been totally random.

OTL logfile created on: 10/5/2010 10:28:38 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kravex\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 728.19 Gb Free Space | 78.17% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.11 Gb Free Space | 29.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAVEX-PC
Current User Name: Kravex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 10:27:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kravex\Downloads\OTL.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/16 13:29:42 | 001,594,880 | ---- | M] (EVEMon Development Team) -- C:\Program Files\EVEMon\EVEMon.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/07/09 12:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe
PRC - [2010/06/28 13:34:17 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/04/25 19:54:24 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/09/07 14:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/08/26 22:10:20 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/02 10:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2007/05/07 14:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 14:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 10:27:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kravex\Downloads\OTL.exe
MOD - [2010/07/09 12:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_43094.dll
MOD - [2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2008/04/30 15:28:16 | 000,087,320 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
MOD - [2007/04/24 13:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2003/02/20 20:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSVCR71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/29 09:43:56 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 13:57:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 13:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/02 10:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kravex\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 02:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/04 20:56:02 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/04 18:30:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/04 18:30:04 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/28 12:50:13 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/12/21 19:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 19:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/18 17:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/11/16 02:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/09/23 08:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/04 09:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/02/28 12:26:22 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/10/11 18:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/08/28 01:46:38 | 001,951,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/02 16:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-306871448-3932488730-429602202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-306871448-3932488730-429602202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2010/09/30 15:17:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/09/30 15:17:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/09/30 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kravex\AppData\Roaming\Mozilla\Extensions
[2010/09/30 15:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kravex\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/09/30 14:53:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/30 11:30:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/30 11:29:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-306871448-3932488730-429602202-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.137 213.109.72.205 1.1.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk - C:\PROGRA~1\DYNDNS~1\DynTray.exe - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Macro Express Pro.lnk.disabled - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express Pro.lnk.disabled - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - StartUpFolder: C:^Users^Kravex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - C:\Users\Kravex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip - File not found
MsConfig - StartUpFolder: C:^Users^Kravex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AxonAutoStart - hkey= - key= - C:\Program Files\DolbyAxon\Axon.exe (Dolby Laboratories)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: ddoctorv2 - hkey= - key= - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISTray - hkey= - key= - C:\Program Files\Spyware Doctor\pctsTray.exe File not found
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: PlayNC Launcher - hkey= - key= - C:\Program Files\NCSoft\Launcher\NCLauncher.exe (NCSoft)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Transcode360 - hkey= - key= - C:\Program Files\Transcode360\Transcode360Tray.exe File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 21:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/10/01 21:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2010/10/01 21:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/10/01 20:54:11 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Vindictus
[2010/10/01 20:53:28 | 000,000,000 | ---D | C] -- Profiles\All Users\Application Data\PMB Files
[2010/09/30 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/30 15:35:32 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/09/30 15:33:55 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/09/30 15:33:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/09/30 15:33:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/09/30 15:33:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/09/30 15:33:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/09/30 15:33:46 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/09/30 15:33:46 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/09/30 15:33:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/09/30 15:33:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/09/30 15:33:46 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/09/30 15:33:46 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/09/30 15:33:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/09/30 15:33:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/09/30 15:17:33 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Flock
[2010/09/30 15:17:33 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Local\Flock
[2010/09/30 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Flock
[2010/09/30 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Lunascape
[2010/09/30 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/09/30 11:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/09/30 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/30 11:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/30 11:30:12 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/30 11:30:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/30 11:30:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/30 11:30:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/30 09:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/09/30 08:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/09/30 08:22:01 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Systweak
[2010/09/30 08:21:09 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/09/29 17:55:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/09/29 15:49:40 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\ROBoot.exe
[2010/09/29 15:49:14 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/29 15:49:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/29 15:49:13 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/29 15:49:12 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/29 15:49:02 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/29 15:47:31 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/29 15:47:31 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/29 15:34:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/09/29 15:34:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/09/29 15:34:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/09/29 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Systweak
[2010/09/29 15:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/09/29 15:23:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/29 15:23:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/09/29 15:23:05 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/09/29 15:23:05 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/09/29 15:23:02 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/29 15:23:01 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/29 15:22:48 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/09/29 15:22:48 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/09/29 15:22:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/09/29 15:22:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/09/29 15:22:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/09/29 15:22:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/09/29 15:22:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/09/29 15:22:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/09/29 15:22:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/09/29 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/09/29 15:22:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/09/29 15:22:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/09/29 15:21:45 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/09/29 15:21:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/09/29 15:21:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/29 15:14:50 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/09/29 15:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/09/29 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/09/29 14:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/09/29 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\BitDefender
[2010/09/29 13:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\6e60000-562a-49bb-ad09-1cbf7da9e1be
[2010/09/29 13:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\8b9f0000-ceb2-4929-ae60-995ee1c77085
[2010/09/29 13:15:23 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\QuickScan
[2010/09/29 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/09/19 14:48:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/19 14:47:07 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Local\temp
[2010/09/19 14:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/19 14:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/19 14:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/19 14:34:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/19 14:27:51 | 000,069,632 | ---- | C] (Auto Debug System) -- C:\Users\Kravex\Desktop\KillProcess.exe
[2010/09/19 14:23:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/19 14:23:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/19 14:23:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/19 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Malwarebytes
[2010/09/19 10:33:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/19 10:33:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/19 10:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/19 10:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/18 15:34:39 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Insight Software
[2010/09/18 15:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express Pro
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Insight Software Solutions
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Insight Software Solutions
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Insight Software
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Insight Software
[2010/09/14 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\ImgBurn
[2010/09/14 09:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/09/10 17:26:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/09/10 17:26:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/09/10 17:26:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/09/10 17:26:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/09/10 17:26:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/09/10 17:26:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/09/10 17:26:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/09/10 17:26:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/09/10 17:26:26 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/09/10 17:26:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/09/10 17:26:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/09/10 17:26:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/09/10 17:26:25 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/09/10 17:26:25 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/09/10 17:26:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/09/10 17:26:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/09/10 17:26:24 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/09/10 17:26:24 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/09/10 17:26:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/09/10 17:26:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/09/10 17:26:24 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/09/10 17:26:24 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/09/10 17:26:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/09/10 17:26:24 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/09/10 17:26:23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/09/10 17:26:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/09/10 17:26:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/09/10 17:26:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/09/10 17:26:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/09/10 17:26:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/09/10 17:26:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/09/10 17:26:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/09/10 17:26:21 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/09/10 17:26:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/09/10 17:26:21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/09/10 17:26:21 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/09/10 17:26:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/09/10 17:26:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/09/10 17:26:20 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/09/10 17:26:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/09/10 17:26:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/09/10 17:26:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/09/10 17:26:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/09/10 17:26:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/09/10 17:26:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/09/10 17:26:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/09/10 17:26:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/09/10 17:26:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/09/10 17:26:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/09/10 17:26:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/09/10 17:26:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/09/10 17:26:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/09/10 17:26:17 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/09/10 17:26:17 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/09/10 17:26:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/09/10 17:26:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/09/10 17:26:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/09/10 17:26:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/09/10 17:26:15 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/09/10 17:26:15 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/09/10 17:26:14 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/09/10 17:26:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/09/10 17:26:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/09/10 17:26:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/09/10 17:26:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/09/10 17:26:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/09/10 17:26:06 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/09/10 17:26:05 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/09/10 17:26:05 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/09/10 17:26:04 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/09/10 17:26:02 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/09/10 17:26:02 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010/09/10 17:26:01 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/09/10 17:26:00 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/09/10 17:26:00 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010/09/06 13:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/09/06 11:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 10:30:17 | 007,864,320 | ---- | M] () -- C:\Users\Kravex\NTUSER.DAT
[2010/10/05 09:28:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 09:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 09:28:15 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 23:47:09 | 002,782,130 | -H-- | M] () -- C:\Users\Kravex\AppData\Local\IconCache.db
[2010/10/02 06:37:38 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 06:37:38 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 21:45:53 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/10/01 06:55:07 | 002,862,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/01 06:55:07 | 000,863,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/01 06:55:07 | 000,005,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/30 15:17:31 | 000,001,759 | ---- | M] () -- C:\Users\Kravex\Application Data\Microsoft\Internet Explorer\Quick Launch\Flock.lnk
[2010/09/30 15:17:31 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Flock.lnk
[2010/09/30 11:29:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/30 11:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/30 11:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/30 11:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/29 22:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 22:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 22:04:49 | 000,065,536 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TM.blf
[2010/09/29 17:08:31 | 000,294,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/29 17:06:17 | 000,001,828 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2010/09/29 17:06:07 | 007,864,320 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT.bak
[2010/09/29 15:49:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/29 13:57:15 | 000,725,427 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/09/29 13:42:17 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010/09/24 23:34:13 | 000,223,818 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak000.~mex
[2010/09/24 23:34:13 | 000,223,818 | ---- | M] () -- C:\Users\Kravex\Documents\123.mex
[2010/09/24 23:01:59 | 000,102,043 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak001.~mex
[2010/09/20 09:56:55 | 000,102,043 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak002.~mex
[2010/09/19 14:48:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/18 22:38:58 | 000,061,084 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak003.~mex
[2010/09/18 09:52:00 | 000,175,100 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak000.~mex
[2010/09/18 09:52:00 | 000,175,100 | ---- | M] () -- C:\Users\Kravex\Documents\macex.mex
[2010/09/17 23:36:54 | 000,156,300 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak001.~mex
[2010/09/17 09:47:45 | 000,091,398 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak002.~mex
[2010/09/17 08:10:51 | 000,030,985 | ---- | M] () -- C:\Users\Kravex\Documents\EVEMon_Settings_2418.xml.bak
[2010/09/16 23:06:11 | 000,073,675 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak003.~mex
[2010/09/16 05:51:34 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/09/15 23:15:53 | 000,004,640 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak004.~mex
[2010/09/15 23:10:33 | 000,073,902 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak005.~mex
[2010/09/07 16:28:24 | 000,003,584 | ---- | M] () -- C:\Users\Kravex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 17:47:32 | 000,016,184 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\ROBoot.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 21:45:53 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/09/30 15:17:31 | 000,001,759 | ---- | C] () -- C:\Users\Kravex\Application Data\Microsoft\Internet Explorer\Quick Launch\Flock.lnk
[2010/09/30 15:17:31 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Flock.lnk
[2010/09/29 17:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 17:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 17:11:17 | 000,065,536 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TM.blf
[2010/09/29 17:06:10 | 000,000,000 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT.sav.LOG2
[2010/09/29 17:06:10 | 000,000,000 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT.sav.LOG1
[2010/09/29 15:49:40 | 000,001,828 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2010/09/29 13:42:17 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010/09/29 13:15:01 | 000,725,427 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/19 14:34:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/19 14:34:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/19 14:34:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/18 22:38:58 | 000,223,818 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak000.~mex
[2010/09/18 22:38:58 | 000,102,043 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak002.~mex
[2010/09/18 22:38:58 | 000,102,043 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak001.~mex
[2010/09/18 22:38:58 | 000,061,084 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak003.~mex
[2010/09/18 15:35:12 | 000,223,818 | ---- | C] () -- C:\Users\Kravex\Documents\123.mex
[2010/09/17 08:12:08 | 000,030,985 | ---- | C] () -- C:\Users\Kravex\Documents\EVEMon_Settings_2418.xml.bak
[2010/09/15 23:13:22 | 000,175,100 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak000.~mex
[2010/09/15 23:13:22 | 000,156,300 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak001.~mex
[2010/09/15 23:13:22 | 000,091,398 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak002.~mex
[2010/09/15 23:13:22 | 000,073,902 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak005.~mex
[2010/09/15 23:13:22 | 000,073,675 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak003.~mex
[2010/09/15 23:13:22 | 000,004,640 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak004.~mex
[2010/09/15 20:54:06 | 000,175,100 | ---- | C] () -- C:\Users\Kravex\Documents\macex.mex
[2010/08/04 01:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/07/05 09:35:18 | 000,003,584 | ---- | C] () -- C:\Users\Kravex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 08:23:45 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/04 18:30:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/03/04 18:30:04 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/28 12:30:06 | 000,016,456 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/02/28 12:30:04 | 000,011,088 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/02/07 14:31:59 | 000,000,094 | ---- | C] () -- C:\Users\Kravex\AppData\Local\fusioncache.dat
[2010/01/31 17:38:58 | 000,007,605 | ---- | C] () -- C:\Users\Kravex\AppData\Local\Resmon.ResmonCfg
[2009/08/30 08:20:19 | 000,000,608 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/07/06 09:20:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/09 20:04:17 | 000,076,407 | ---- | C] () -- C:\Users\Kravex\AppData\Roaming\Smiley.ico
[2009/03/05 05:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/01/06 12:51:15 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/03 08:16:14 | 000,006,327 | ---- | C] () -- C:\Users\Kravex\AppData\Roaming\Cabos.plist
[2008/11/16 07:45:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/08 23:26:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/13 10:06:02 | 000,000,033 | ---- | C] () -- C:\Windows\BPClient.ini
[2008/10/07 07:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 07:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/07 09:01:54 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/08/07 09:01:54 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/08/07 09:01:54 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/04/24 12:53:33 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/24 12:53:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/21 13:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/02/28 00:20:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/12/19 14:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-53-59\ATI - Display\Directories\ATi\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2006/12/28 16:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-53-59\ATI - Display\Directories\ATi\SUPPORT\8-2_vista32_dd_ccc_wdm_enu_58133\Driver\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2006/12/28 16:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-53-59\ATI - Display\Directories\ATi\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007/04/16 15:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007/04/16 15:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-53-59\ATI - Display\Directories\ATi\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007/04/16 15:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-59-18\ATI - Display\Directories\ATi\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008/05/27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\ATI\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008/05/27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-53-59\ATI - Display\Directories\ATi\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008/05/27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Program Files\Phyxion.net\Driver Sweeper\Backup\10-02-20-10-59-18\ATI - Display\Directories\ATi\SUPPORT\8-9_vista32_dd_ccc_wdm_enu_68905\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 18:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/13 18:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll
[2009/07/13 18:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys

========== Files - Unicode (All) ==========
[2010/10/01 21:49:37 | 000,000,000 | ---D | M](C:\Users\Kravex\Documents\?? ???) -- C:\Users\Kravex\Documents\넥슨 플러그
[2010/10/01 21:49:37 | 000,000,000 | ---D | C](C:\Users\Kravex\Documents\?? ???) -- C:\Users\Kravex\Documents\넥슨 플러그
[2010/09/29 13:57:15 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010/09/29 13:54:57 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 10/5/2010 10:28:38 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kravex\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 728.19 Gb Free Space | 78.17% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.11 Gb Free Space | 29.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAVEX-PC
Current User Name: Kravex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.2.2.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F0A73B4-6187-3CE7-B07A-807BC8F28B4F}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2212E17D-2931-5F26-9213-00EEC82C7EF0}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{503231D1-3A81-69DC-A95D-5273AB7A1CCC}" = Catalyst Control Center Graphics Previews Vista
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision®
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EA5CBF8-DFF4-5C69-9434-F87F8C21293C}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958AF490-810C-4D3E-AA82-EBA2CE41DA20}" = Station Launcher for EverQuest II
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1E480F4-805E-AE2D-5F83-FC7618F47046}" = Catalyst Control Center InstallProxy
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B0B921DC-B86A-41FE-BF4C-BC7D3026918B}" = HuxleyTheDystopia
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B883FC57-818A-2C84-34CF-917B3C56C85B}" = CCC Help English
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation®Network Downloader
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.76
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FD423BBD-8095-D342-F496-59D7C22FD581}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.08.00.8106
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Cisco Connect" = Cisco Connect
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DC-Bass Source" = DC-Bass Source 1.1.1
"DCoder Image Source" = DCoder Image Source (remove only)
"Demigod" = Demigod
"DeskScapes" = DeskScapes
"Diablo II" = Diablo II
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Flock (2.6.1)" = Flock (2.6.1)
"Fraps" = Fraps (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Macro Express Pro" = Macro Express Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"ObjectDock Plus" = ObjectDock Plus
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PingPlotter Standard" = PingPlotter Standard 3.30.0s
"RealMedia" = RealMedia (remove only)
"Runic Games Torchlight" = Torchlight
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SocksCap V2" = SocksCap V2
"Steam App 3483" = Peggle Extreme
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 9920" = Star Trek Online - Free Trial
"Switch" = Switch Sound File Converter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ToneGen" = NCH Tone Generator
"Vindictus" = Vindictus
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WavePad" = WavePad Sound Editor
"WBFS Manager 3.0" = WBFS Manager 3.0
"WebcamMax" = WebcamMax
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.72
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-306871448-3932488730-429602202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"727d1ea1876aa06e" = WowAceUpdater
"NCsoft-Exteel" = Exteel
"NCsoft-GuildWars" = Guild Wars
"SOE-EverQuest II Streaming (US English)" = EverQuest II (US English)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 06 October 2010 - 02:44 AM

Hi,

your DNS seems to be hijacked, before we address this please run a rootkit scan:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 06 October 2010 - 09:46 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9120D000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C1F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C1F000 PnpManager 4259840 bytes
0x82C1F000 RAW 4259840 bytes
0x82C1F000 WMIxWDM 4259840 bytes
0x97A20000 Win32k 2400256 bytes
0x97A20000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x92005000 C:\Windows\system32\drivers\RTKVHDA.sys 1945600 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8BE20000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x83A1C000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9182D000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BC2A000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83296000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9FC7F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x998A7000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83341000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90B78000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x83B89000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90A04000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9FD9D000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9FD4E000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x97CD0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9197E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x838E8000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83839000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9983E000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91E0E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x9FC37000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0x83254000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90B17000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BFA3000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BCE1000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9997A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91062000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x918E4000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x9193C000 C:\Windows\system32\DRIVERS\Rtlh86.sys 229376 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x8302F000 ACPI_HAL 225280 bytes
0x91F70000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8302F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8399A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91195000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BD79000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90A63000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BF69000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x99800000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x91E8B000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BD44000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9109B000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x83B4B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x91FD1000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83895000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91000000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x8BDBC000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BD1F000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9FC00000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8396E000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x99957000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91109000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9FD20000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91027000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83800000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x839DF000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9191D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90AAD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91E6D000 C:\Windows\system32\drivers\AtiHdmi.sys 122880 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x97CB0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x91F55000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x999B5000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8BE00000 C:\Windows\system32\DRIVERS\snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)
0x90ADA000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x91FA7000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9992C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91EBA000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90BDC000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x910C7000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x910F1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9112B000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91143000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9115A000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x833E1000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x921E0000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8394F000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x91EDE000 C:\Windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x83B76000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x99894000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90AF4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x910DF000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x99945000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x91048000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8BDAB000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91F2F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x839CE000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91E5C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x838C7000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8323B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90A9C000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x91FC1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BFEA000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x99884000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90B07000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x838D8000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x919C9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83215000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90ACC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x833D3000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8393A000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x83BE6000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x911C9000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x833B2000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x919ED000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91F0E000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9117B000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91188000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9FD41000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9FDEE000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x83821000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90B6C000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91EF1000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x83A07000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x91F1B000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x919D8000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x91ED3000 C:\Windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83230000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x91F4A000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91F03000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x833C8000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91200000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x83200000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8388A000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8320B000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x91F40000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x91E52000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x90B62000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90B58000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91171000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9FD16000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x919E3000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9FC25000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x91974000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x83991000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83965000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x91F26000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x83BF4000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99831000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x97C80000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BF9A000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x91059000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83881000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BDE1000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (Advanced Micro Devices Inc., AMD PCIE Filter Driver for ATI PCIE chipset)
0x8324C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BD71000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB3000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x838BF000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x83A13000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8382E000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x833C0000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BFE2000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x83933000 C:\Windows\system32\DRIVERS\amdide.sys 28672 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0x83A00000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x921F9000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8BDF6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x999D0000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x83948000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x90A95000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91EFD000 C:\Windows\system32\drivers\dadder.sys 24576 bytes (Razer (Asia-Pacific) Pte Ltd, Razer Habu USB Optical Mouse Driver)
0x90A5E000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9FC7A000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0x92000000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x9120B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x921F7000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x073D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 102400 bytes
0x07450000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 102400 bytes
0x00650000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 110592 bytes
0x05690000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 110592 bytes
0x01310000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 118784 bytes
0x008D0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 118784 bytes
0x07BC0000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 1232896 bytes
0x08100000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 1306624 bytes
0x042E0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 159744 bytes
0x08A30000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 1716224 bytes
0x08320000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 192512 bytes
0x07F70000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 208896 bytes
0x07A50000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 217088 bytes
0x07FB0000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 282624 bytes
0x040A0000 Hidden Image-->NetLib.dll [ EPROCESS 0x85ED4030 ] PID: 744, 28672 bytes
0x01350000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 28672 bytes
0x01530000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 28672 bytes
0x00410000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x00670000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x00940000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x00EA0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x03EC0000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x03EE0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x03ED0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x03F80000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x042A0000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x04310000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x04470000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x04340000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x045B0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x04480000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x04BD0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x056E0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05710000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x059C0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05AE0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05AD0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05B20000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05C50000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x05C70000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x066F0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x06740000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x06D20000 Hidden Image-->atixclib.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x06FB0000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x06FF0000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07010000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07150000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07130000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07170000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07180000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x073C0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x073F0000 Hidden Image-->Branding.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x076D0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07F20000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x07DF0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x08000000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 28672 bytes
0x075E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 364544 bytes
0x03ED0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 36864 bytes
0x00860000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x00E90000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x04BE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x05600000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x05660000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x056F0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x05700000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x06FA0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x07190000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x076F0000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 36864 bytes
0x05480000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 389120 bytes
0x074E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 389120 bytes
0x07470000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 405504 bytes
0x07350000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 413696 bytes
0x07550000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 421888 bytes
0x005B0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 45056 bytes
0x01340000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 45056 bytes
0x03D80000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 45056 bytes
0x003E0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x00400000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x006B0000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x00950000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x04D00000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x05610000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 45056 bytes
0x046E0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 487424 bytes
0x00930000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x00E20000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x03EA0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x03EF0000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x04780000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x048A0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x04BF0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x05AF0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x05C90000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x07160000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x071B0000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 53248 bytes
0x072C0000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 585728 bytes
0x07640000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 585728 bytes
0x00880000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 61440 bytes
0x05620000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 61440 bytes
0x05B00000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 61440 bytes
0x05B10000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 61440 bytes
0x05C80000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 61440 bytes
0x08D90000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 667648 bytes
0x008F0000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 69632 bytes
0x00910000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 69632 bytes
0x05830000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 69632 bytes
0x05B30000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 69632 bytes
0x06FC0000 Hidden Image-->APM.Server.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 69632 bytes
0x08360000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 749568 bytes
0x014B0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x85C52AF0 ] PID: 3436, 77824 bytes
0x00680000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x055E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x056B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x05850000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x05870000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x066D0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x07F50000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 77824 bytes
0x00E70000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 86016 bytes
0x05630000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 86016 bytes
0x05990000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 86016 bytes
0x07E00000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 86016 bytes
0x08940000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x85C24AF0 ] PID: 3952, 864256 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#6 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 06 October 2010 - 10:33 AM

I have some questions if you dont mind.

I've used Avast for afew years and never had any problems. Is avast free not enough anymore? I cant really afford to buy 5 licenses tho... To fully protect my computers, what all would you recommend?

1 of the 5 computers does still redirect.

I've installed the following on the computer that is still redirecting. (not this one)

- Avast
+Avira
- ASO
+SuperAntiSpyware
+ZoneAlarm

Seems to have stopped.

Guess not, the IP address redirect doesnt seem to be there anymore, but Google.analytics.com popups occur redirecting to yellowpages, lycos search, ect. Malwarebytes is scanning atm.

Adware found, removed, still getting pop ups for goog-analytics.com

Edited by NegSeven, 06 October 2010 - 03:56 PM.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 07 October 2010 - 03:19 AM

Hi,

no anti virus program is 100% safe, it will trip up every now and then. Avast usually is a good anti virus program.

Do you use a router to go online? Could it be the one redirecting?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 07 October 2010 - 11:02 AM

Yes, we do use a router, it's possible. At first, we thought it may be our ISP, since it happened on every pc from any random page, and did not happen when we connect to the local wifi.

All computers but 1 have clearned up completely on their own. And the original random IP redirects have gone, the last PC juts has Google-Analytics.com pop ups.

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 08 October 2010 - 03:05 AM

Hi,

could you please rest the router and let me know if that helps:

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    QUOTE
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.[list]
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.

Please also run this fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.137 213.109.72.205 1.1.1.1
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 09 October 2010 - 12:20 AM

IPv4 was changed on one of the PCs.


========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10082010_221507

OTL logfile created on: 10/8/2010 10:17:38 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kravex\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 724.75 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.07 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRAVEX-PC
Current User Name: Kravex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Kravex\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Flock\flock.exe (Flock, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\Razer\DeathAdder\razertra.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Kravex\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Inc.)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
MOD - C:\Program Files\Stardock\ObjectDock\DockShellHook.dll ()
MOD - C:\Windows\System32\MSVCR71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (npkcmsvc) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (mcdbus) -- C:\Windows\System32\DRIVERS\mcdbus.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\Kravex\AppData\Local\Temp\catchme.sys File not found
DRV - (ADASPROT) -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DAdderFltr) -- C:\Windows\System32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/31 12:59:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2010/09/30 15:17:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/09/30 15:17:29 | 000,000,000 | ---D | M]

[2010/09/30 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kravex\AppData\Roaming\Mozilla\Extensions
[2010/09/30 15:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kravex\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/09/30 14:53:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/31 12:43:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2010/01/31 12:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010/01/31 12:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/09/30 11:30:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/03/19 17:23:20 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/09/30 11:29:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/03/21 13:28:46 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/03/21 13:29:06 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/03/22 17:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/10/14 20:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/03 07:59:16 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/03 07:59:16 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/03 07:59:16 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/03 07:59:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/03 07:59:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/03 07:59:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/03 07:59:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kravex\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 01:08:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/06 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/06 09:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/06 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/06 08:30:14 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/10/06 08:30:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/10/06 08:30:12 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/10/06 08:30:08 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/10/06 08:30:05 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/10/06 08:29:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/06 08:29:50 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/10/05 10:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/10/01 21:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/10/01 21:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2010/10/01 21:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/10/01 20:54:11 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Vindictus
[2010/10/01 20:53:28 | 000,000,000 | ---D | C] -- Profiles\All Users\Application Data\PMB Files
[2010/09/30 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/30 15:35:32 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/09/30 15:33:55 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/09/30 15:33:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/09/30 15:33:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/09/30 15:33:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/09/30 15:33:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/09/30 15:33:46 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/09/30 15:33:46 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/09/30 15:33:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/09/30 15:33:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/09/30 15:33:46 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/09/30 15:33:46 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/09/30 15:33:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/09/30 15:33:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/09/30 15:17:33 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Flock
[2010/09/30 15:17:33 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Local\Flock
[2010/09/30 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Flock
[2010/09/30 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Lunascape
[2010/09/30 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010/09/30 11:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/09/30 11:30:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/30 11:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/30 11:30:12 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/30 11:30:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/30 11:30:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/30 11:30:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/30 09:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/09/30 08:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/09/30 08:22:01 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Systweak
[2010/09/30 08:21:09 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/09/29 17:55:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/09/29 15:49:40 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\ROBoot.exe
[2010/09/29 15:34:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/09/29 15:34:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/09/29 15:34:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/09/29 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Systweak
[2010/09/29 15:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/09/29 15:23:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/29 15:23:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/09/29 15:23:05 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/09/29 15:23:05 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/09/29 15:23:02 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/29 15:23:01 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/29 15:22:48 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/09/29 15:22:48 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/09/29 15:22:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/09/29 15:22:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/09/29 15:22:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/09/29 15:22:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/09/29 15:22:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/09/29 15:22:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/09/29 15:22:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/09/29 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/09/29 15:22:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/09/29 15:22:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/09/29 15:21:45 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/09/29 15:21:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/09/29 15:21:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/29 15:14:50 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/09/29 15:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/09/29 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/09/29 14:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/09/29 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\BitDefender
[2010/09/29 13:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\6e60000-562a-49bb-ad09-1cbf7da9e1be
[2010/09/29 13:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\8b9f0000-ceb2-4929-ae60-995ee1c77085
[2010/09/29 13:15:23 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\QuickScan
[2010/09/29 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/09/19 14:48:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/19 14:47:07 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Local\temp
[2010/09/19 14:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/19 14:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/19 14:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/19 14:34:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/19 14:27:51 | 000,069,632 | ---- | C] (Auto Debug System) -- C:\Users\Kravex\Desktop\KillProcess.exe
[2010/09/19 14:23:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/19 14:23:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/19 14:23:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/19 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\Malwarebytes
[2010/09/19 10:33:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/19 10:33:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/19 10:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/19 10:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/18 15:34:39 | 000,000,000 | ---D | C] -- C:\Users\Kravex\Documents\Insight Software
[2010/09/18 15:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Macro Express Pro
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Insight Software Solutions
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Insight Software Solutions
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Insight Software
[2010/09/15 20:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Insight Software
[2010/09/14 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\Kravex\AppData\Roaming\ImgBurn
[2010/09/14 09:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/09/10 17:26:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/09/10 17:26:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/09/10 17:26:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/09/10 17:26:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/09/10 17:26:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/09/10 17:26:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/09/10 17:26:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/09/10 17:26:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/09/10 17:26:26 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/09/10 17:26:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/09/10 17:26:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/09/10 17:26:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/09/10 17:26:25 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/09/10 17:26:25 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/09/10 17:26:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/09/10 17:26:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/09/10 17:26:24 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/09/10 17:26:24 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/09/10 17:26:24 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/09/10 17:26:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/09/10 17:26:24 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/09/10 17:26:24 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/09/10 17:26:24 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/09/10 17:26:24 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/09/10 17:26:23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/09/10 17:26:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/09/10 17:26:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/09/10 17:26:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/09/10 17:26:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/09/10 17:26:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/09/10 17:26:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/09/10 17:26:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/09/10 17:26:21 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/09/10 17:26:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/09/10 17:26:21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/09/10 17:26:21 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/09/10 17:26:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/09/10 17:26:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/09/10 17:26:20 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/09/10 17:26:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/09/10 17:26:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/09/10 17:26:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/09/10 17:26:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/09/10 17:26:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/09/10 17:26:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/09/10 17:26:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/09/10 17:26:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/09/10 17:26:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/09/10 17:26:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/09/10 17:26:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/09/10 17:26:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/09/10 17:26:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/09/10 17:26:17 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/09/10 17:26:17 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/09/10 17:26:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/09/10 17:26:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/09/10 17:26:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/09/10 17:26:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/09/10 17:26:15 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/09/10 17:26:15 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/09/10 17:26:14 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/09/10 17:26:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/09/10 17:26:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/09/10 17:26:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/09/10 17:26:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/09/10 17:26:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/09/10 17:26:06 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/09/10 17:26:05 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/09/10 17:26:05 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/09/10 17:26:04 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/09/10 17:26:02 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/09/10 17:26:02 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010/09/10 17:26:01 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/09/10 17:26:00 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/09/10 17:26:00 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/08 22:09:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/08 22:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/08 22:08:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/08 22:07:36 | 007,864,320 | ---- | M] () -- C:\Users\Kravex\NTUSER.DAT
[2010/10/08 22:07:29 | 002,800,437 | -H-- | M] () -- C:\Users\Kravex\AppData\Local\IconCache.db
[2010/10/07 16:18:39 | 002,887,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/07 16:18:39 | 000,872,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/07 16:18:39 | 000,005,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/06 09:06:23 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/06 08:30:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/02 06:37:38 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 06:37:38 | 000,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 21:45:53 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/09/30 15:17:31 | 000,001,759 | ---- | M] () -- C:\Users\Kravex\Application Data\Microsoft\Internet Explorer\Quick Launch\Flock.lnk
[2010/09/30 15:17:31 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Flock.lnk
[2010/09/30 11:29:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/30 11:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/30 11:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/30 11:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/29 22:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 22:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 22:04:49 | 000,065,536 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TM.blf
[2010/09/29 17:08:31 | 000,294,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/29 17:06:17 | 000,001,828 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2010/09/29 17:06:07 | 007,864,320 | -HS- | M] () -- C:\Users\Kravex\NTUSER.DAT.bak
[2010/09/29 13:57:15 | 000,725,427 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/09/29 13:42:17 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010/09/24 23:34:13 | 000,223,818 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak000.~mex
[2010/09/24 23:34:13 | 000,223,818 | ---- | M] () -- C:\Users\Kravex\Documents\123.mex
[2010/09/24 23:01:59 | 000,102,043 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak001.~mex
[2010/09/20 09:56:55 | 000,102,043 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak002.~mex
[2010/09/19 14:48:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/18 22:38:58 | 000,061,084 | ---- | M] () -- C:\Users\Kravex\Documents\123-bak003.~mex
[2010/09/18 09:52:00 | 000,175,100 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak000.~mex
[2010/09/18 09:52:00 | 000,175,100 | ---- | M] () -- C:\Users\Kravex\Documents\macex.mex
[2010/09/17 23:36:54 | 000,156,300 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak001.~mex
[2010/09/17 09:47:45 | 000,091,398 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak002.~mex
[2010/09/17 08:10:51 | 000,030,985 | ---- | M] () -- C:\Users\Kravex\Documents\EVEMon_Settings_2418.xml.bak
[2010/09/16 23:06:11 | 000,073,675 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak003.~mex
[2010/09/16 05:51:34 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/09/15 23:15:53 | 000,004,640 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak004.~mex
[2010/09/15 23:10:33 | 000,073,902 | ---- | M] () -- C:\Users\Kravex\Documents\macex_bak005.~mex
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 09:06:23 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/01 21:45:53 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/09/30 15:17:31 | 000,001,759 | ---- | C] () -- C:\Users\Kravex\Application Data\Microsoft\Internet Explorer\Quick Launch\Flock.lnk
[2010/09/30 15:17:31 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Flock.lnk
[2010/09/29 17:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 17:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 17:11:17 | 000,065,536 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT{43ff79b8-cc26-11df-b5f7-806e6f6e6963}.TM.blf
[2010/09/29 17:06:10 | 000,000,000 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT.sav.LOG2
[2010/09/29 17:06:10 | 000,000,000 | -HS- | C] () -- C:\Users\Kravex\NTUSER.DAT.sav.LOG1
[2010/09/29 15:49:40 | 000,001,828 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2010/09/29 13:42:17 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010/09/29 13:15:01 | 000,725,427 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/19 14:34:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/19 14:34:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/19 14:34:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/18 22:38:58 | 000,223,818 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak000.~mex
[2010/09/18 22:38:58 | 000,102,043 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak002.~mex
[2010/09/18 22:38:58 | 000,102,043 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak001.~mex
[2010/09/18 22:38:58 | 000,061,084 | ---- | C] () -- C:\Users\Kravex\Documents\123-bak003.~mex
[2010/09/18 15:35:12 | 000,223,818 | ---- | C] () -- C:\Users\Kravex\Documents\123.mex
[2010/09/17 08:12:08 | 000,030,985 | ---- | C] () -- C:\Users\Kravex\Documents\EVEMon_Settings_2418.xml.bak
[2010/09/15 23:13:22 | 000,175,100 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak000.~mex
[2010/09/15 23:13:22 | 000,156,300 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak001.~mex
[2010/09/15 23:13:22 | 000,091,398 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak002.~mex
[2010/09/15 23:13:22 | 000,073,902 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak005.~mex
[2010/09/15 23:13:22 | 000,073,675 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak003.~mex
[2010/09/15 23:13:22 | 000,004,640 | ---- | C] () -- C:\Users\Kravex\Documents\macex_bak004.~mex
[2010/09/15 20:54:06 | 000,175,100 | ---- | C] () -- C:\Users\Kravex\Documents\macex.mex
[2010/08/04 01:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/07/05 09:35:18 | 000,003,584 | ---- | C] () -- C:\Users\Kravex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 08:23:45 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/04 18:30:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/03/04 18:30:04 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/28 12:30:06 | 000,016,456 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/02/28 12:30:04 | 000,011,088 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/02/07 14:31:59 | 000,000,094 | ---- | C] () -- C:\Users\Kravex\AppData\Local\fusioncache.dat
[2010/01/31 17:38:58 | 000,007,605 | ---- | C] () -- C:\Users\Kravex\AppData\Local\Resmon.ResmonCfg
[2009/08/30 08:20:19 | 000,000,608 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/07/06 09:20:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/09 20:04:17 | 000,076,407 | ---- | C] () -- C:\Users\Kravex\AppData\Roaming\Smiley.ico
[2009/03/05 05:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/01/06 12:51:15 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/03 08:16:14 | 000,006,327 | ---- | C] () -- C:\Users\Kravex\AppData\Roaming\Cabos.plist
[2008/11/16 07:45:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/08 23:26:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/13 10:06:02 | 000,000,033 | ---- | C] () -- C:\Windows\BPClient.ini
[2008/10/07 07:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 07:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/07 09:01:54 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/08/07 09:01:54 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/08/07 09:01:54 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/04/24 12:53:33 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/24 12:53:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/21 13:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/02/28 00:20:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== Files - Unicode (All) ==========
[2010/10/01 21:49:37 | 000,000,000 | ---D | M](C:\Users\Kravex\Documents\?? ???) -- C:\Users\Kravex\Documents\넥슨 플러그
[2010/10/01 21:49:37 | 000,000,000 | ---D | C](C:\Users\Kravex\Documents\?? ???) -- C:\Users\Kravex\Documents\넥슨 플러그
[2010/09/29 13:57:15 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010/09/29 13:54:57 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 11 October 2010 - 04:52 AM

Hi,

how are the redirects?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 NegSeven

NegSeven
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 11 October 2010 - 01:22 PM

Havent had any. Thank you again.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 14 October 2010 - 06:28 AM

Hi,
that is great! smile.gif

I would like to make sure there is no malware left with an online scan:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 PM

Posted 04 November 2010 - 04:29 AM

As it has gone stale, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users