Jump to content

Malware rootkit not removed by MBMA

Alexxx.D

By Alexxx.D
in Resolved Malware Removal Logs

 Share

Recommended Posts

Alexxx.D

Alexxx.D

Posted
Posted

Hello

I am a noob in this forum and sadly I think my system is hijacked.Yesterday while I was browsing my AVG(free) resident shield gave me a sudden notice of a bunch of malware found in my system.I later found it's Antimalware doctor virus and removed it with MBMA.But the problems persisted,I get random processes all the time,firefox opens random tabs to strange sites,and after the last reboot my avg tray icon disasapeared and avg interface won't open.Malwarebytes scans find a rootkit located in system32 but after several reboots the malware is still there.I use hijack this logs for the fist time so hope that helps.Thanks in advance:)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:47:41 ??, on 22/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG9\avgui.exe

C:\Documents and Settings\Meletis\?? ??????? ???\???????? ??????\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ?????????

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {6DBBD536-66E5-4ED5-811D-2A13F863F378} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: ?????? ??????? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: ID_???????_????????_???????????_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html

O8 - Extra context menu item: ?&?????? ??? Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: ?????? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O20 - Winlogon Notify: iifcDSKB - Invalid registry found

O22 - SharedTaskScheduler: ??????????? Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: ???????? cache ?????????? ????????? - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: ???????? Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 12635 bytes

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Hello Alexxx.D

Welcome to Malwarebytes.

Please also post the mbam log.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Here is the latest Mbma log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

?????? ????? ?????????: 4908

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/10/2010 2:37:02 ??

mbam-log-2010-10-22 (14-37-02).txt

????? ???????: ??????? ??????

??????????? ??? ?????????: 166428

?????? ??? ???? ????????: 55 ?????(?), 45 ????????????(?)

?????????? ?????????? ??? ?????: 0

????????? ???????? ??? ?????: 0

????????? ??????? ??? ??????: 0

?????????? ????? ??? ??????: 0

????????? ??????????? ????????? ??? ??????: 0

?????????? ???????: 0

????????? ??????: 1

?????????? ?????????? ??? ?????:

(??? ???????????? ???????? ???????????)

????????? ???????? ??? ?????:

(??? ???????????? ???????? ???????????)

????????? ??????? ??? ??????:

(??? ???????????? ???????? ???????????)

?????????? ????? ??? ??????:

(??? ???????????? ???????? ???????????)

????????? ??????????? ????????? ??? ??????:

(??? ???????????? ???????? ???????????)

?????????? ???????:

(??? ???????????? ???????? ???????????)

????????? ??????:

C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

OTL report

OTL logfile created on: 22/10/2010 4:57:32 ?? - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 415,00 Mb Available Physical Memory | 41,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 15,55 Gb Free Space | 5,29% Space Free | Partition Type: NTFS

Drive D: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found

DRV - (kwuwwmn) -- C:\WINDOWS\System32\drivers\ajhym.sys File not found

DRV - (asbp2poa) -- C:\DOCUME~1\Meletis\LOCALS~1\Temp\asbp2poa.sys File not found

DRV - (sxfhokzk) -- C:\WINDOWS\system32\drivers\uuchnu.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)

DRV - (usbaudio) ????????? ???????? ???? USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)

DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)

DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (sojubus) -- C:\WINDOWS\system32\DRIVERS\sojubus.sys ( )

DRV - (sojuscsi) -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys ( )

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 1B 3B BC B3 60 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100830W

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

[2010/08/21 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions

[2010/08/21 15:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/09 21:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/10/22 16:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions

[2010/08/22 19:20:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/18 13:39:04 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2010/09/03 03:09:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/09/08 03:34:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/10/22 16:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/09/18 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\personas@christopher.beard

[2010/09/21 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\staged-xpis

[2010/08/21 15:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/20 13:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/20 13:32:02 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/20 13:32:03 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/10/20 13:32:09 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/07/23 03:14:25 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 03:14:25 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/06 02:03:46 | 000,002,404 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2010/07/23 03:14:25 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/23 03:14:25 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 03:14:25 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/23 03:14:25 | 000,001,219 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-el.xml

[2010/07/23 03:14:25 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/09/07 15:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {6DBBD536-66E5-4ED5-811D-2A13F863F378} - File not found

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (?????? ??????? ??? Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5} - File not found

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (????&?????) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&?????????) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (????&?????) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&?????????) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [nodenable] C:\Program Files\eset\nodenable.exe File not found

O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\???????????\????????\ID_???????_????????_???????????_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\Meletis\Start Menu\???????????\????????\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html ()

O8 - Extra context menu item: ?&?????? ??? Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: ?????? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\iifcDSKB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - ??????????? Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - ???????? cache ?????????? ????????? - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (???????? ?????? ??????) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\urqnoNhf) - File not found

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/10/12 13:01:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005/11/21 20:26:21 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{6b742827-98f2-11db-8b28-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{6b742827-98f2-11db-8b28-806d6172696f}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- [2006/02/27 17:33:32 | 001,662,976 | R--- | M] (Bethesda Softworks)

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- [2006/02/27 17:33:32 | 001,662,976 | R--- | M] (Bethesda Softworks)

O33 - MountPoints2\Z\Shell - "" = AutoRun

O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2010/07/27 09:29:49 | 008,525,824 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 16:53:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Meletis\????????? ????????\OTL.exe

[2010/10/22 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 15:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/21 23:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\download2

[2010/10/21 22:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\Malwarebytes

[2010/10/21 22:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/21 22:33:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/21 22:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/21 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/21 20:30:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/19 13:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OptiTex

[2010/10/19 13:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

unhooker report

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xF6412000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5337088 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xBF19E000 C:\WINDOWS\System32\ati3duag.dll 4009984 bytes (ATI Technologies Inc. , ati3duag.dll)

0xBF571000 C:\WINDOWS\System32\ativvaxx.dll 2400256 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, ??????? ??? ??????? NT)

0x804D7000 PnpManager 2158592 bytes

0x804D7000 RAW 2158592 bytes

0x804D7000 WMIxWDM 2158592 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, ????????? ???????? Multi-User Win32)

0xF62EB000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)

0xF72CF000 PCI_PNP2510 1048576 bytes

0xF72CF000 sphz.sys 1048576 bytes

0xF72CF000 sptd 1048576 bytes

0xF7118000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBF062000 C:\WINDOWS\System32\ati2cqag.dll 573440 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xA73FE000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xBF0EE000 C:\WINDOWS\System32\atikvmag.dll 446464 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xF6217000 C:\WINDOWS\System32\Drivers\aehn546d.SYS 413696 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xEF87B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA7509000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA4DCF000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 327680 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xBF15B000 C:\WINDOWS\System32\atiok3x2.dll 274432 bytes (ATI Technologies Inc., Ring 0 x2 component)

0xA4F08000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes

0xA4E77000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF7288000 ACPI.sys 192512 bytes (Microsoft Corporation, ????????? ???????? ACPI ??? NT)

0xA5130000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF70EB000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA43DD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA746E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF627C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA74E1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xA74BB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xA75B9000 C:\WINDOWS\system32\drivers\viahduaa.sys 155648 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver v1.60)

0xA7595000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF62A4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF62C8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA7499000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E6000 ACPI_HAL 134400 bytes

0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF71BC000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7239000 ftdisk.sys 126976 bytes (Microsoft Corporation, ????????? ???????? FT ??? ??????)

0xF7258000 sojubus.sys 126976 bytes ( , Plug and Play BIOS Extension)

0xF70D1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF7221000 98304 bytes

0xA73D5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF72B7000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF71A5000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF59C1000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA511B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF59D8000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, ????????? ???????? ?????????? ?????)

0xF63FE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA7562000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7277000 pci.sys 69632 bytes (Microsoft Corporation, ?????????? PCI ??????????? ??? ?????? ??????????? ??? NT)

0xF59B0000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF59EC000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, ????????? ???????? ????????? ????????)

0xA73ED000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)

0xA7C49000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF76A0000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7650000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF75E0000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xA8B96000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xA8BD6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF69B9000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, ????????? ???????? ??? ??????? ???? Redbook)

0xA773F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xEFC65000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF75F0000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF76B0000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, ????????? ???????? ??? ????? i8042)

0xF74D0000 ibvspkrg.sys 57344 bytes

0xF7500000 VolSnap.sys 57344 bytes (Microsoft Corporation, ????????? ???????? ???????? ?????????? ?????)

0xF75A0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF76C0000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF76E0000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xA8B86000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7690000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF74F0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF76D0000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF75D0000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)

0xF7680000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)

0xF74E0000 isapnp.sys 40960 bytes (Microsoft Corporation, ????????? ???????? ??? ??????? PNP ISA)

0xF0450000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7570000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0xF0BF7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7590000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xA7C69000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF76F0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xA8BA6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF2B38000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF75B0000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xA8BB6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7820000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, ????????? ???????? ??? ??????)

0xA7E5D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7830000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7880000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7838000 C:\WINDOWS\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)

0xA7E4D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7888000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, ????????? ???????? ?????? ?????????????)

0xF7750000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xA7E3D000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF04D8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, ????????? ???????? ?????? ?????????)

0xA7E55000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes

0xF7828000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA7E6D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xEF91D000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes

0xA7E65000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7758000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF04E8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF04E0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7890000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xA78D7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF06FD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF2E90000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF6FAD000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF78E4000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA77A4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xA7E25000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xA8B4B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0x86E53000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xA7E11000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, ????????? ???????? ??????? ????????? HID)

0xF6FA9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA8B43000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xA8B3F000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7A3C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF1FB0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7A3A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7A3E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7A40000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF79E0000 sojuscsi.sys 8192 bytes ( , SCSI miniport)

0xF79E2000 speedfan.sys 8192 bytes

0xF1219000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF79D8000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF79D0000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7AF5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xA8386000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7A99000 giveio.sys 4096 bytes

0xA810A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7A98000 pciide.sys 4096 bytes (Microsoft Corporation, ?????? ????????? ???????? ??????? PCI IDE)

0x871511F8 unknown_irp_handler 3592 bytes

0x871621F8 unknown_irp_handler 3592 bytes

0x871D51F8 unknown_irp_handler 3592 bytes

0x871631F8 unknown_irp_handler 3592 bytes

!!!!!!!!!!!Hidden driver: 0x86EAE292 ?_empty_? 3438 bytes

0x86A40500 unknown_irp_handler 2816 bytes

0x86A6D500 unknown_irp_handler 2816 bytes

0x86BBE500 unknown_irp_handler 2816 bytes

0x86ACA500 unknown_irp_handler 2816 bytes

0x86A8B500 unknown_irp_handler 2816 bytes

0x86A21918 unknown_irp_handler 1768 bytes

0x86A7BBA8 unknown_irp_handler 1112 bytes

0x86BABBC8 unknown_irp_handler 1080 bytes

0x86A8CC70 unknown_irp_handler 912 bytes

==============================================

>Stealth

==============================================

0xF7221000 WARNING: suspicious driver modification [ ::0x86EAE292]

0x01060000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 110592 bytes

0x01230000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 28672 bytes

0x01460000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 28672 bytes

0x01480000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86B1F780 ] PID: 2580, 307200 bytes

0x01090000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 45056 bytes

0x01100000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 45056 bytes

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]

0x01110000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x86B1F780 ] PID: 2580, 69632 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\apronrythes\Thumbs.dbes_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\jailshirtm.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\lacetexture.ddss

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\Pantieswhite.dds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\Pantieswhite_n.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants.ddsite.dds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants01f.dds.dds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants01f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants02m.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants02m_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants03f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants03f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants04f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants04f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants05f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants05f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants05m.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants05m_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants06f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants06f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants07f.dds_n.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants07f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants08f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants08f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants09f.ddsdsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants09f_n.ddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants_n.ddsddsds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\pants_orange.dds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\semanialcshirt.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\semanialcshoes.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\semanialcshoes_n.ddse.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt.ddsshoes_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt01f.ddses_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt01f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt02m.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt02m_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt03f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt03f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt04f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt04f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt05f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt05f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt06f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt06f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt07f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt07f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt08f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt08f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt09f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt09f_n.dds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt10f.ddsds_orange.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt10f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt11f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt11f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt12f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt12f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt13f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt13f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt14f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt14f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt15f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt15f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt_dark.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shirt_n.ddsdds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoe02.dds.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoe02_n.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoe03f.ddssds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoe03f_n.ddss.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes01f.ddsss.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes01f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes04f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes04f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes05f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes05f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes06f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes06f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes07f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes07f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes08f.ddsds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\shoes08f_n.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\skirt.ddsn.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\skirt_dark.dds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\skirt_n.ddsdds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\lowerclass\Thumbs.dbdsdds.ddsnge.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcpantskungfublkm.ddsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcpantskungfublkm_n.ddsdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtforesterm.ddsddsdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtforesterm_n.ddssdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirthobbitm.dds.ddssdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirthobbitm_n.ddsdssdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtshopkeeperm.ddssdds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtshopkeeperm_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtsneakym.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtsneakym_n.dds.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtsuspendersm.ddsdsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\mcshirtsuspendersm_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\Pantieswhite.ddssm_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\Pantieswhite_n.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants01f.dds_n.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants01f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants02f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants02f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants04f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants04f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants05f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\pants05f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt01f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt02f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt02f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt04f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt04f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt05f.ddsds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirt05f_n.dds.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirtback03f.ddsds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirtback03f_n.dds_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirtfront03f.ddss_n.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shirtfront03f_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoe01f.dds3f_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoe01f_n.dds_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoe02f.ddsds_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoe02f_n.dds_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes03f.ddss_n.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes03f_n.ddsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes04f.ddsdsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes04f_n.ddsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes05f.ddsdsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\shoes05f_n.ddsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\middleclass\Thumbs.dbn.ddsn.ddsn.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\Pantieswhite.ddsnsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\Pantieswhite_n.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants01f.dds_n.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants01f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants02f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants02f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants03f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants04f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants04f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants05f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\pants05f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt01f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt01f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt02f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt02f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt03f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt03f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt04f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt05f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shirt05f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shoes01f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shoes01f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shoes03f.ddsds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\shoes03f_n.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\Thumbs.dbn.dds.ddsBk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucpantscountess.ddsk_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucpantscountess_n.ddsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucshirtcountess.ddsdsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucshirtcountess_n.ddsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucshirthighwaym.ddsdsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\upperclass\ucshirthighwaym_n.ddsn.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\wizard\shoes.dds_n.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\wizard\shoes_n.dds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\wizard\Thumbs.dbds.dds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\colourwheels_Sexy_Stock_Armor_and_clothing_Replacer_v2_2-23143\Colourwheels Sexy Stock Armor & Clothing Replacer HGEC v2_2\data\textures\Colourwheels Sexy Stock Clothing\wizard\upperbody.ddsds

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S1.IMP.kf1.D.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S2.A.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S2.B.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S2.C.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S2.D.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Erotic_Oblivion_-_Included_in_OPPIII-13193\CTAddPose_bs_0_5\CTAddPose_bondage_sex_0_5\Meshes\characters\_male\idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S\S2.E.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage1.A.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage1.B.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage2.A.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage4.A.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage4.B.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage4.C.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondage4.D.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondagebj1.A.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\M.bondage pose pack.bondage sex readme.txt\bondagebj1.B.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\Irrumatio1.A.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\Irrumatio1.B.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\Irrumatio1.C.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\Irrumatio1.D.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S1.IMP.kf1.D.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S2.A.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S2.B.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S2.C.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S2.D.IMP.kfD.IMP.kf

!-->[Hidden] C:\Documents and Settings\Meletis\????????? ????????\MODS\Oblivion mods\Oblivion_Pose_Pack_III_and_Erotic_Oblivion_Pose_Pack_II-13193\OblivionPosePackandEroticPosePackIII\Data\meshes\characters\_male\Idleanims\CTAddPose\Jp Modders Community pose?pack.bondage sex\S sex\M.bondagepack.bondage sex readme.txt\S2.E.IMP.kfD.IMP.kf

!-->[Hidden] C:\RECYCLER\S-1-5-21-3356485021-903880006-872053565-1007\Dc1.dat

!-->[Hidden] C:\RECYCLER\S-1-5-21-3356485021-903880006-872053565-1007\Dc2.dat

!-->[Hidden] C:\RECYCLER\S-1-5-21-3356485021-903880006-872053565-1007\Dc3.dat

!-->[Hidden] C:\RECYCLER\S-1-5-21-3356485021-903880006-872053565-1007\Dc4.dat

!-->[Hidden] C:\RECYCLER\S-1-5-21-3356485021-903880006-872053565-1007\Dc5.dat

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002D85C, Type: Inline - RelativeCall 0x8050485C-->F4F72EF1 [unknown_code_page]

ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]

[1108]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71974057-->00000000 [unknown_code_page]

[1108]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x7197433A-->00000000 [unknown_code_page]

[1108]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71975847-->00000000 [unknown_code_page]

[1108]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C91E47C-->00000000 [unknown_code_page]

[1108]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C91D6EE-->00000000 [unknown_code_page]

[1108]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C91DFAE-->00000000 [unknown_code_page]

[1108]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E3A974E-->00000000 [unknown_code_page]

[1836]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]

[1836]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]

[1836]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1836]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71974057-->00000000 [unknown_code_page]

[1836]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x7197433A-->00000000 [unknown_code_page]

[1836]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71975847-->00000000 [unknown_code_page]

[1836]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C91E47C-->00000000 [unknown_code_page]

[1836]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C91D6EE-->00000000 [unknown_code_page]

[1836]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C91DFAE-->00000000 [unknown_code_page]

[1836]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9D15A4-->00000000 [shimeng.dll]

[1836]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E39133C-->00000000 [shimeng.dll]

[2076]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7C9D1134-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9D15A4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9D13E8-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9D163C-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9D161C-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9D15A0-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9D1D18-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9D1D48-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9D1EA4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9D1E3C-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9D1EE4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9D1F90-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9D1D34-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7E391130-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E39133C-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3912F4-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E391208-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E391340-->00000000 [yui.dll]

[2076]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]

[3172]wmplayer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001028-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x01001094-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x01001054-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9D15A4-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9D13E8-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9D163C-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9D161C-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9D15A0-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E39133C-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3912F4-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E391208-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E391340-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40B814B0-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x40B814B4-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x40B81450-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x40B81350-->00000000 [aclayers.dll]

[3172]wmplayer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719D109C-->00000000 [shimeng.dll]

[3172]wmplayer.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719D10A8-->00000000 [aclayers.dll]

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

OTL extras

OTL Extras logfile created on: 22/10/2010 4:57:32 ?? - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 415,00 Mb Available Physical Memory | 41,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 15,55 Gb Free Space | 5,29% Space Free | Partition Type: NTFS

Drive D: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"D:\HIW\stInstall.exe" = D:\HIW\stInstall.exe:*:Enabled:Thomson Home Install Wizard -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)

"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)

"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found

"C:\Documents and Settings\Meletis\????????? ????????\??????? (15)\PIC6777658898-JPG-www.facebook.com.scr" = C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found

"C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe" = C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset -- File not found

"C:\Program Files\Dragon Age\tools\RPU.exe" = C:\Program Files\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU -- File not found

"C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe" = C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper -- File not found

"C:\Program Files\Dragon Age\tools\GffEditor.exe" = C:\Program Files\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor -- File not found

"C:\Program Files\Dragon Age\tools\ErfEditor.exe" = C:\Program Files\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor -- File not found

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

"C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe" = C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice -- File not found

"C:\Program Files\Imprudence\SLVoice.exe" = C:\Program Files\Imprudence\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe" = C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe" = C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00BE2030-4991-43DF-80ED-358431E39B7C}" = Windows Live Essentials

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = ???????? ????????? ??? Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2C272396-11B1-79BD-2BB3-40B9BEE9BCE5}" = Catalyst Control Center Core Implementation

"{2C497FCD-1328-4E40-8371-891510FF868D}" = Trivial Pursuit Bring On The 90s

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut

"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{3965256E-B886-43BD-9354-984FCEDDAAD7}" = Samsung PC Studio

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset

"{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}" = Microsoft .NET Framework 1.1 Greek Language Pack

"{4062364A-1290-43E5-8250-6A0C8C74CABC}" = ccc-core-preinstall

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4231395F-C55C-FBAD-E4A5-C0E7D67F32E4}" = Catalyst Control Center Graphics Full New

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51962132-EF73-4015-A69E-1538CDDFB835}" = Windows Live Mail

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{572527DD-05F1-E9EA-5B4F-055ECDD720EB}" = ccc-utility

"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{68C5D587-4E0C-3657-B1E1-C67153A02750}" = Microsoft .NET Framework 3.5 Language Pack - ell

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7326545B-05C8-4308-9697-EAA3F9552018}" = Sudoku Works

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{75052453-E294-3E34-82AE-91BF5E236837}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ELL

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{784B4EE3-E308-4706-B3DC-51029944240B}" = Microsoft Works

"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer

"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights

"{7E37FE5D-833D-8CEC-68DE-665DDDDA06B5}" = Catalyst Control Center Graphics Light

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.13

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate II - Shadows of Amn

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90110408-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable

"{94F70511-C8A8-413C-AC8D-65313D8D3082}" = Windows Live Messenger

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9977BB98-D0E6-4850-A3BF-2BD8CFB9D794}" = ?????? ??????? ??? Windows Live

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A73C3B76-C889-29FF-811E-14AF82CCEBEE}" = ccc-core-static

"{A8B2C826-3627-52AA-D5B5-D89F178F4A8B}" = Catalyst Control Center Graphics Full Existing

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABC0976C-723E-CDA4-7F09-378FAF2C2890}" = Skins

"{AC138218-5F23-DCC0-357D-143EF8451483}" = CCC Help English

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1032-7B44-A70000000000}" = Adobe Reader 7.0 - Greek

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B1166CA2-9264-C562-AEDE-7C1965CBAAF8}" = Catalyst Control Center Graphics Previews Common

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0 RC2

"{D87B8C91-4659-4C3B-A894-A4D670AE95E2}" = ??????? ??????????? ??? Windows Live

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 52%

"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

OTL EXTRAS

OTL Extras logfile created on: 22/10/2010 4:57:32 ?? - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 415,00 Mb Available Physical Memory | 41,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 15,55 Gb Free Space | 5,29% Space Free | Partition Type: NTFS

Drive D: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"D:\HIW\stInstall.exe" = D:\HIW\stInstall.exe:*:Enabled:Thomson Home Install Wizard -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)

"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)

"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found

"C:\Documents and Settings\Meletis\????????? ????????\??????? (15)\PIC6777658898-JPG-www.facebook.com.scr" = C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found

"C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe" = C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset -- File not found

"C:\Program Files\Dragon Age\tools\RPU.exe" = C:\Program Files\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU -- File not found

"C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe" = C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper -- File not found

"C:\Program Files\Dragon Age\tools\GffEditor.exe" = C:\Program Files\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor -- File not found

"C:\Program Files\Dragon Age\tools\ErfEditor.exe" = C:\Program Files\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor -- File not found

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

"C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe" = C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice -- File not found

"C:\Program Files\Imprudence\SLVoice.exe" = C:\Program Files\Imprudence\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe" = C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe" = C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00BE2030-4991-43DF-80ED-358431E39B7C}" = Windows Live Essentials

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = ???????? ????????? ??? Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2C272396-11B1-79BD-2BB3-40B9BEE9BCE5}" = Catalyst Control Center Core Implementation

"{2C497FCD-1328-4E40-8371-891510FF868D}" = Trivial Pursuit Bring On The 90s

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut

"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{3965256E-B886-43BD-9354-984FCEDDAAD7}" = Samsung PC Studio

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset

"{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}" = Microsoft .NET Framework 1.1 Greek Language Pack

"{4062364A-1290-43E5-8250-6A0C8C74CABC}" = ccc-core-preinstall

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4231395F-C55C-FBAD-E4A5-C0E7D67F32E4}" = Catalyst Control Center Graphics Full New

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51962132-EF73-4015-A69E-1538CDDFB835}" = Windows Live Mail

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{572527DD-05F1-E9EA-5B4F-055ECDD720EB}" = ccc-utility

"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{68C5D587-4E0C-3657-B1E1-C67153A02750}" = Microsoft .NET Framework 3.5 Language Pack - ell

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7326545B-05C8-4308-9697-EAA3F9552018}" = Sudoku Works

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{75052453-E294-3E34-82AE-91BF5E236837}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ELL

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{784B4EE3-E308-4706-B3DC-51029944240B}" = Microsoft Works

"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer

"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights

"{7E37FE5D-833D-8CEC-68DE-665DDDDA06B5}" = Catalyst Control Center Graphics Light

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.13

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate II - Shadows of Amn

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90110408-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable

"{94F70511-C8A8-413C-AC8D-65313D8D3082}" = Windows Live Messenger

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9977BB98-D0E6-4850-A3BF-2BD8CFB9D794}" = ?????? ??????? ??? Windows Live

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A73C3B76-C889-29FF-811E-14AF82CCEBEE}" = ccc-core-static

"{A8B2C826-3627-52AA-D5B5-D89F178F4A8B}" = Catalyst Control Center Graphics Full Existing

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABC0976C-723E-CDA4-7F09-378FAF2C2890}" = Skins

"{AC138218-5F23-DCC0-357D-143EF8451483}" = CCC Help English

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1032-7B44-A70000000000}" = Adobe Reader 7.0 - Greek

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B1166CA2-9264-C562-AEDE-7C1965CBAAF8}" = Catalyst Control Center Graphics Previews Common

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0 RC2

"{D87B8C91-4659-4C3B-A894-A4D670AE95E2}" = ??????? ??????????? ??? Windows Live

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 52%

"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

OTL Extras logfile created on: 22/10/2010 4:57:32 ?? - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 415,00 Mb Available Physical Memory | 41,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 15,55 Gb Free Space | 5,29% Space Free | Partition Type: NTFS

Drive D: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:???????? ?????? ?????? ??????? ??? Windows Media Player

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:????????????? ??????? -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)

"C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"D:\HIW\stInstall.exe" = D:\HIW\stInstall.exe:*:Enabled:Thomson Home Install Wizard -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found

"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)

"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)

"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)

"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)

"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found

"C:\Documents and Settings\Meletis\????????? ????????\??????? (15)\PIC6777658898-JPG-www.facebook.com.scr" = C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found

"C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe" = C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset -- File not found

"C:\Program Files\Dragon Age\tools\RPU.exe" = C:\Program Files\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU -- File not found

"C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe" = C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper -- File not found

"C:\Program Files\Dragon Age\tools\GffEditor.exe" = C:\Program Files\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor -- File not found

"C:\Program Files\Dragon Age\tools\ErfEditor.exe" = C:\Program Files\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor -- File not found

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

"C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe" = C:\Program Files\GreenLife Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice -- File not found

"C:\Program Files\Imprudence\SLVoice.exe" = C:\Program Files\Imprudence\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe" = C:\DOCUME~1\Meletis\LOCALS~1\Temp\0.09279522507920523.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe" = C:\Documents and Settings\Meletis\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00BE2030-4991-43DF-80ED-358431E39B7C}" = Windows Live Essentials

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = ???????? ????????? ??? Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2C272396-11B1-79BD-2BB3-40B9BEE9BCE5}" = Catalyst Control Center Core Implementation

"{2C497FCD-1328-4E40-8371-891510FF868D}" = Trivial Pursuit Bring On The 90s

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut

"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C9408-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{3965256E-B886-43BD-9354-984FCEDDAAD7}" = Samsung PC Studio

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset

"{3D9E9EB7-B14F-4AE4-8C1F-1AD4CF3093BE}" = Microsoft .NET Framework 1.1 Greek Language Pack

"{4062364A-1290-43E5-8250-6A0C8C74CABC}" = ccc-core-preinstall

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4231395F-C55C-FBAD-E4A5-C0E7D67F32E4}" = Catalyst Control Center Graphics Full New

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51962132-EF73-4015-A69E-1538CDDFB835}" = Windows Live Mail

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{572527DD-05F1-E9EA-5B4F-055ECDD720EB}" = ccc-utility

"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{68C5D587-4E0C-3657-B1E1-C67153A02750}" = Microsoft .NET Framework 3.5 Language Pack - ell

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7326545B-05C8-4308-9697-EAA3F9552018}" = Sudoku Works

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{75052453-E294-3E34-82AE-91BF5E236837}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ELL

"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{784B4EE3-E308-4706-B3DC-51029944240B}" = Microsoft Works

"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer

"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights

"{7E37FE5D-833D-8CEC-68DE-665DDDDA06B5}" = Catalyst Control Center Graphics Light

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.13

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate II - Shadows of Amn

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90110408-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable

"{94F70511-C8A8-413C-AC8D-65313D8D3082}" = Windows Live Messenger

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9977BB98-D0E6-4850-A3BF-2BD8CFB9D794}" = ?????? ??????? ??? Windows Live

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9FEECBDA-8378-4874-AD65-D9E232BE2D11}" = Windows Live Sync

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A73C3B76-C889-29FF-811E-14AF82CCEBEE}" = ccc-core-static

"{A8B2C826-3627-52AA-D5B5-D89F178F4A8B}" = Catalyst Control Center Graphics Full Existing

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABC0976C-723E-CDA4-7F09-378FAF2C2890}" = Skins

"{AC138218-5F23-DCC0-357D-143EF8451483}" = CCC Help English

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1032-7B44-A70000000000}" = Adobe Reader 7.0 - Greek

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B1166CA2-9264-C562-AEDE-7C1965CBAAF8}" = Catalyst Control Center Graphics Previews Common

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0 RC2

"{D87B8C91-4659-4C3B-A894-A4D670AE95E2}" = ??????? ??????????? ??? Windows Live

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 52%

"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2

"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
    DRV - (kwuwwmn) -- C:\WINDOWS\System32\drivers\ajhym.sys File not found
    DRV - (asbp2poa) -- C:\DOCUME~1\Meletis\LOCALS~1\Temp\asbp2poa.sys File not found
    DRV - (sxfhokzk) -- C:\WINDOWS\system32\drivers\uuchnu.sys ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {6DBBD536-66E5-4ED5-811D-2A13F863F378} - File not found
    O2 - BHO: (no name) - {A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5} - File not found
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O4 - HKCU..\Run: [nodenable] C:\Program Files\eset\nodenable.exe File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\urqnoNhf) - File not found

    :Files
    C:\WINDOWS\system32\Drivers\str.sys

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Thanks for your reply here is the OLT log:

All processes killed

========== OTL ==========

Service Lbd stopped successfully!

Service Lbd deleted successfully!

File C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found not found.

Service kwuwwmn stopped successfully!

Service kwuwwmn deleted successfully!

File C:\WINDOWS\System32\drivers\ajhym.sys File not found not found.

Service asbp2poa stopped successfully!

Service asbp2poa deleted successfully!

File C:\DOCUME~1\Meletis\LOCALS~1\Temp\asbp2poa.sys File not found not found.

Service sxfhokzk stopped successfully!

Service sxfhokzk deleted successfully!

C:\WINDOWS\system32\drivers\uuchnu.sys moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DBBD536-66E5-4ED5-811D-2A13F863F378}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DBBD536-66E5-4ED5-811D-2A13F863F378}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nodenable deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\urqnoNhf deleted successfully.

========== FILES ==========

File\Folder C:\WINDOWS\system32\Drivers\str.sys not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 196742 bytes

->Flash cache emptied: 348 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 196742 bytes

->Flash cache emptied: 348 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 18879642 bytes

User: Meletis

->Temp folder emptied: 159405810 bytes

->Temporary Internet Files folder emptied: 519075169 bytes

->Java cache emptied: 35303603 bytes

->FireFox cache emptied: 107600298 bytes

->Google Chrome cache emptied: 594288 bytes

->Flash cache emptied: 418518 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 437515 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 531569 bytes

%systemroot%\System32 .tmp files removed: 4231070 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2340761 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91256808 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34329 bytes

RecycleBin emptied: 347093179 bytes

Total Files Cleaned = 1.228,00 mb

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_192611

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

.....and the TDSS report :

2010/10/23 20:02:46.0109 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/23 20:02:46.0109 ================================================================================

2010/10/23 20:02:46.0109 SystemInfo:

2010/10/23 20:02:46.0109

2010/10/23 20:02:46.0109 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/23 20:02:46.0109 Product type: Workstation

2010/10/23 20:02:46.0109 ComputerName: MEL

2010/10/23 20:02:46.0109 UserName: Meletis

2010/10/23 20:02:46.0109 Windows directory: C:\WINDOWS

2010/10/23 20:02:46.0109 System windows directory: C:\WINDOWS

2010/10/23 20:02:46.0109 Processor architecture: Intel x86

2010/10/23 20:02:46.0109 Number of processors: 2

2010/10/23 20:02:46.0109 Page size: 0x1000

2010/10/23 20:02:46.0109 Boot type: Normal boot

2010/10/23 20:02:46.0109 ================================================================================

2010/10/23 20:02:48.0000 Initialize success

2010/10/23 20:03:17.0031 ================================================================================

2010/10/23 20:03:17.0031 Scan started

2010/10/23 20:03:17.0031 Mode: Manual;

2010/10/23 20:03:17.0031 ================================================================================

2010/10/23 20:03:17.0375 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/23 20:03:17.0437 ACPI (1c3c72c504f312c19426cc7cb9ad8e98) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/23 20:03:17.0468 ACPIEC (99f9466c2611e379c88fbbfc8df89b17) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/23 20:03:17.0515 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/23 20:03:17.0562 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/23 20:03:17.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/23 20:03:17.0703 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/10/23 20:03:17.0781 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/23 20:03:17.0843 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/23 20:03:17.0859 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/23 20:03:17.0875 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/23 20:03:17.0906 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/23 20:03:17.0921 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/23 20:03:17.0953 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/23 20:03:18.0000 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/23 20:03:18.0046 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/23 20:03:18.0062 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/23 20:03:18.0078 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/23 20:03:18.0093 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/23 20:03:18.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/23 20:03:18.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/23 20:03:18.0421 ati2mtag (b1ae41cfe277e043837aa2b875adb757) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/23 20:03:18.0500 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2010/10/23 20:03:18.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/23 20:03:18.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/23 20:03:18.0625 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/23 20:03:18.0687 C-Dilla (4ff76600b4ca68376b80af1683799c60) C:\WINDOWS\system32\drivers\CDANT.SYS

2010/10/23 20:03:18.0765 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/23 20:03:18.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/23 20:03:18.0828 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/23 20:03:18.0875 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/23 20:03:18.0890 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/23 20:03:18.0953 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/23 20:03:18.0968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/23 20:03:19.0062 CmdIde (60283ea308dc655c9380738d0af1da5c) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/23 20:03:19.0078 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/23 20:03:19.0125 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/23 20:03:19.0140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/23 20:03:19.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/23 20:03:19.0265 dmboot (fd983f66eeb5245ef9b28ea3444b2e20) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/23 20:03:19.0328 dmio (a732fc0d3b930e2539018eb8ec9314c2) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/23 20:03:19.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/23 20:03:19.0437 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/23 20:03:19.0468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/23 20:03:19.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/23 20:03:19.0531 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/23 20:03:19.0562 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/23 20:03:19.0593 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/10/23 20:03:19.0703 Fips (418d3078a9b107de75c9ba9b56cba035) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/23 20:03:19.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/23 20:03:19.0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/23 20:03:19.0859 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/23 20:03:19.0875 Ftdisk (9c798fdc0d53dfba6f4c4059a11fbfe8) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/23 20:03:19.0937 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

2010/10/23 20:03:20.0078 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/23 20:03:20.0125 HdAudAddService (231101a621df0a85baef6e14549db3ac) C:\WINDOWS\system32\drivers\viahduaa.sys

2010/10/23 20:03:20.0234 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/23 20:03:20.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/23 20:03:20.0328 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/23 20:03:20.0390 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/10/23 20:03:20.0437 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/10/23 20:03:20.0468 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/10/23 20:03:20.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/23 20:03:20.0593 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/23 20:03:20.0609 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/23 20:03:20.0656 i8042prt (f8d6633482e0bd81766c74441b134fdf) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/23 20:03:20.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/23 20:03:20.0750 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/23 20:03:20.0812 IntelIde (f7fef9ec8265d512dc65c7c5dcdcc445) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/23 20:03:20.0875 intelppm (bb055e429e9f54aa3fba2dd33beb0935) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/23 20:03:20.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/23 20:03:20.0953 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/23 20:03:21.0000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/23 20:03:21.0046 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/23 20:03:21.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/23 20:03:21.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/23 20:03:21.0140 isapnp (d3715a2dba29215be59dcfc11294d493) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/23 20:03:21.0187 Kbdclass (af1fd8035b4a34eaf25f8bb1cd3c95ff) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/23 20:03:21.0234 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/23 20:03:21.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/23 20:03:21.0375 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2010/10/23 20:03:21.0437 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/23 20:03:21.0500 Modem (4c84460a6bc9a5bf60555c04be55792e) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/23 20:03:21.0515 Mouclass (6be02786a7c13cceae728298effa0730) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/23 20:03:21.0578 mouhid (89ddb41a54ddf8b3e5b7b9e92ed23a50) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/23 20:03:21.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/23 20:03:21.0656 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/23 20:03:21.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/23 20:03:21.0796 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/23 20:03:21.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/23 20:03:21.0859 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/23 20:03:21.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/23 20:03:21.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/23 20:03:21.0984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/23 20:03:22.0031 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/23 20:03:22.0109 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

2010/10/23 20:03:22.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/23 20:03:22.0250 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/23 20:03:22.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/23 20:03:22.0343 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/23 20:03:22.0375 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/23 20:03:22.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/23 20:03:22.0437 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/23 20:03:22.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/23 20:03:22.0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/23 20:03:22.0531 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/23 20:03:22.0609 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/23 20:03:22.0671 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/23 20:03:22.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/23 20:03:22.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/23 20:03:22.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/23 20:03:22.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/23 20:03:22.0890 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/23 20:03:22.0968 Parport (3d383486b2d3b97cd44334a406ae3418) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/23 20:03:23.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/23 20:03:23.0078 ParVdm (cbc2a624a1dac81bd1a2932985a8955f) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/23 20:03:23.0125 PCI (dcb32b61125e35af33cb8cd54a1e7737) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/23 20:03:23.0171 PCIIde (d0f88f309e94460ae276c843192d9de7) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/23 20:03:23.0218 Pcmcia (1e052d2d5a43c0d097fd96b1490d6083) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/23 20:03:23.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/23 20:03:23.0453 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/23 20:03:23.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/23 20:03:23.0562 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/23 20:03:23.0609 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/23 20:03:23.0671 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/23 20:03:23.0687 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/23 20:03:23.0703 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/23 20:03:23.0765 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/23 20:03:23.0812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/23 20:03:23.0828 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/23 20:03:23.0859 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/23 20:03:23.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/23 20:03:23.0953 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/23 20:03:24.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/23 20:03:24.0031 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/23 20:03:24.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/23 20:03:24.0093 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/23 20:03:24.0140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/23 20:03:24.0187 redbook (eb83edb7f55f1910e4db8c823a86ceed) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/23 20:03:24.0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/23 20:03:24.0359 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/23 20:03:24.0406 Serial (ad994a88bbfa3c686397951b11a701a5) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/23 20:03:24.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/23 20:03:24.0515 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/23 20:03:24.0609 sojubus (4ad09198f3752a92a8a88dbd4ebc4c62) C:\WINDOWS\system32\DRIVERS\sojubus.sys

2010/10/23 20:03:24.0625 sojuscsi (fde30bd6a81d0da7ef783198a1fe3d7e) C:\WINDOWS\system32\DRIVERS\sojuscsi.sys

2010/10/23 20:03:24.0687 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/23 20:03:24.0718 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys

2010/10/23 20:03:24.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/23 20:03:24.0875 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/10/23 20:03:24.0875 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/10/23 20:03:24.0890 sptd - detected Locked file (1)

2010/10/23 20:03:24.0906 sr (a41ac0d87dc3054db716f1456c84391c) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/23 20:03:24.0968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/23 20:03:25.0046 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

2010/10/23 20:03:25.0093 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

2010/10/23 20:03:25.0140 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

2010/10/23 20:03:25.0187 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/23 20:03:25.0234 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/23 20:03:25.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/23 20:03:25.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/23 20:03:25.0421 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/23 20:03:25.0468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/23 20:03:25.0500 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/23 20:03:25.0531 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/23 20:03:25.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/23 20:03:25.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/23 20:03:25.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/23 20:03:25.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/23 20:03:25.0843 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/23 20:03:25.0906 TosIde (db1964d2fa24fdd5aa23c80e1e049f75) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/23 20:03:25.0968 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

2010/10/23 20:03:26.0031 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/23 20:03:26.0078 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/23 20:03:26.0125 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/23 20:03:26.0187 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/23 20:03:26.0234 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/23 20:03:26.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/23 20:03:26.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/23 20:03:26.0343 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/23 20:03:26.0406 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/23 20:03:26.0468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/23 20:03:26.0515 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/23 20:03:26.0562 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/10/23 20:03:26.0593 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/10/23 20:03:26.0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/23 20:03:26.0718 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/23 20:03:26.0734 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/23 20:03:26.0781 VolSnap (3cf5dc3fdf17ae17d488d4548ac33741) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/23 20:03:26.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/23 20:03:26.0890 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/23 20:03:27.0015 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/23 20:03:27.0078 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/23 20:03:27.0125 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/23 20:03:27.0140 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/23 20:03:27.0203 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/23 20:03:27.0203 ================================================================================

2010/10/23 20:03:27.0203 Scan finished

2010/10/23 20:03:27.0203 ================================================================================

2010/10/23 20:03:27.0218 Detected object count: 2

2010/10/23 20:03:57.0765 Locked file(sptd) - User select action: Skip

2010/10/23 20:03:57.0796 \HardDisk0\MBR - will be cured after reboot

2010/10/23 20:03:57.0796 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/23 20:04:22.0296 Deinitialize success

Sadly I am unable to run combofix.Whn I try to I get a bunch of repeated error messages saying that windows can't access the following files:

32788R22FWJFW\iexplore.exe

32788R22FWJFW\n.pif

32788R22FWJFW\hidec.exe

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Please delete the version of Combofix from off of the desktop.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Please post the log in your next reply.

Note: The log can be found at the root of your installed hard drive entitled rkill.log

Do not reboot after running that.

Then Download Combofix from any of the links below.

Please rename it to Iexplore.exe then save it to your desktop.

Link 1

Link 2

--------------------------------------------------------------------

Double click on Iexplore.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Here is the log from rkill (licencetokill is the folder I created in desktop):

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Meletis on 24/10/2010 at 1:04:30.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Meletis\????????? ????????\licencetokill\rkill.com

Rkill completed on 24/10/2010 at 1:04:32.

--------------------

Unfortunately I still can't run Combofix.After running rkill I downloaded it and renamed it accordingly but I still get the same repeated error messages.I click ok a bunch of times and I get a repeated prompt along with them saying that windows can't open nircmd.exe (the propmt that you have to choose a program from the list to open a file or search the web)

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Ok.

  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is date)
  5. Please post the contents of that log in your next reply.

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Ok,here is the MBRcheck report:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000007fc

Kernel Drivers (total 170):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E6000 \WINDOWS\system32\hal.dll

0xF79D0000 \WINDOWS\system32\KDCOM.DLL

0xF78E0000 \WINDOWS\system32\BOOTVID.dll

0xF72CF000 spzg.sys

0xF79D2000 \WINDOWS\System32\Drivers\WMILIB.SYS

0xF72B7000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xF7288000 ACPI.sys

0xF7277000 pci.sys

0xF74D0000 isapnp.sys

0xF7258000 sojubus.sys

0xF7A98000 pciide.sys

0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF79D4000 aliide.sys

0xF79D6000 cmdide.sys

0xF79D8000 toside.sys

0xF79DA000 viaide.sys

0xF79DC000 intelide.sys

0xF74E0000 MountMgr.sys

0xF7239000 ftdisk.sys

0xF7758000 PartMgr.sys

0xF74F0000 VolSnap.sys

0xF78E4000 cpqarray.sys

0xF7221000

0xF78E8000 aha154x.sys

0xF7760000 sparrow.sys

0xF78EC000 symc810.sys

0xF7500000 aic78xx.sys

0xF78F0000 dac960nt.sys

0xF7510000 ql10wnt.sys

0xF78F4000 amsint.sys

0xF7768000 asc.sys

0xF78F8000 asc3550.sys

0xF7770000 mraid35x.sys

0xF7778000 i2omp.sys

0xF78FC000 ini910u.sys

0xF7520000 ql1240.sys

0xF7530000 aic78u2.sys

0xF7780000 symc8xx.sys

0xF7788000 sym_hi.sys

0xF7790000 sym_u3.sys

0xF7798000 ABP480N5.SYS

0xF77A0000 asc3350p.sys

0xF79DE000 cd20xrnt.sys

0xF7540000 ultra.sys

0xF7208000 adpu160m.sys

0xF77A8000 dpti2o.sys

0xF7550000 ql1080.sys

0xF7560000 ql1280.sys

0xF7570000 ql12160.sys

0xF77B0000 perc2.sys

0xF79E0000 perc2hib.sys

0xF77B8000 hpn.sys

0xF7900000 cbidf2k.sys

0xF71DC000 dac2w2k.sys

0xF79E2000 sojuscsi.sys

0xF7580000 disk.sys

0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF71BC000 fltmgr.sys

0xF75A0000 PxHelp20.sys

0xF71A5000 KSecDD.sys

0xF7118000 Ntfs.sys

0xF70EB000 NDIS.sys

0xF75B0000 viaagp.sys

0xF75C0000 uagp35.sys

0xF79E4000 speedfan.sys

0xF75D0000 ohci1394.sys

0xF75E0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF70D1000 Mup.sys

0xF7A99000 giveio.sys

0xF75F0000 alim1541.sys

0xF7600000 amdagp.sys

0xF7610000 agpCPQ.sys

0xF7640000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xF68E0000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF6399000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xF6385000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF6272000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xF624F000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7A3A000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7868000 \SystemRoot\System32\Drivers\Modem.SYS

0xF68D0000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF68C0000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF68B0000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF7870000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF622B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7878000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7880000 \SystemRoot\system32\DRIVERS\fetnd5.sys

0xF6203000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF619E000 \SystemRoot\System32\Drivers\a7gmannm.SYS

0xF78D0000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF618D000 \SystemRoot\system32\DRIVERS\serial.sys

0xF700D000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF6179000 \SystemRoot\system32\DRIVERS\parport.sys

0xF7650000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF78D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7B4D000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7660000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7009000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF6162000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7670000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7680000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF77C8000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6151000 \SystemRoot\system32\DRIVERS\psched.sys

0xF7690000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF77D0000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7800000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF76A0000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7808000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7A48000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF60F3000 \SystemRoot\system32\DRIVERS\update.sys

0xF6FFD000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF76B0000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF76F0000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xAE7D8000 \SystemRoot\system32\drivers\viahduaa.sys

0xAE7B4000 \SystemRoot\system32\drivers\portcls.sys

0xF7710000 \SystemRoot\system32\drivers\drmk.sys

0xF6E42000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF6E3A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7730000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7818000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7A50000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xAE6E4000 \SystemRoot\System32\Drivers\Null.SYS

0xF7A52000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7828000 \SystemRoot\System32\drivers\vga.sys

0xF7A54000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7A56000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7830000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7838000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF6E26000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAE6A5000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAE64C000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xAE624000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF6E22000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xAE602000 \SystemRoot\System32\drivers\afd.sys

0xF70C1000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7848000 \SystemRoot\System32\Drivers\StarOpen.SYS

0xAE5D7000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAE567000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF70B1000 \SystemRoot\System32\Drivers\Fips.SYS

0xAE541000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF70A1000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF7091000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xF69F2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF79BC000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF6930000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xAE501000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7A7E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF5F61000 \SystemRoot\System32\drivers\Dxapi.sys

0xF69DA000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7AE4000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF062000 \SystemRoot\System32\ati2cqag.dll

0xBF0EE000 \SystemRoot\System32\atikvmag.dll

0xBF15B000 \SystemRoot\System32\atiok3x2.dll

0xBF19E000 \SystemRoot\System32\ati3duag.dll

0xBF571000 \SystemRoot\System32\ativvaxx.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xAC1BD000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xABE9C000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xABD69000 \SystemRoot\system32\DRIVERS\atksgt.sys

0xABD00000 \SystemRoot\System32\Drivers\HTTP.sys

0xABCC3000 \SystemRoot\system32\drivers\wdmaud.sys

0xABDAC000 \SystemRoot\system32\drivers\sysaudio.sys

0xABB55000 \SystemRoot\system32\DRIVERS\srv.sys

0xF7898000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0xABE2C000 \SystemRoot\system32\DRIVERS\secdrv.sys

0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 44):

0 System Idle Process

4 System

624 C:\WINDOWS\system32\smss.exe

676 csrss.exe

712 C:\WINDOWS\system32\winlogon.exe

764 C:\WINDOWS\system32\services.exe

776 C:\WINDOWS\system32\lsass.exe

936 C:\WINDOWS\system32\ati2evxx.exe

956 C:\WINDOWS\system32\svchost.exe

1024 svchost.exe

1072 C:\WINDOWS\system32\svchost.exe

1156 svchost.exe

1188 svchost.exe

1276 C:\WINDOWS\system32\ati2evxx.exe

1404 C:\WINDOWS\system32\spoolsv.exe

1556 svchost.exe

1668 C:\Program Files\AskBarDis\bar\bin\AskService.exe

1732 C:\Program Files\Bonjour\mDNSResponder.exe

1744 C:\WINDOWS\system32\drivers\CDANTSRV.EXE

1812 C:\WINDOWS\explorer.exe

1892 C:\WINDOWS\system32\svchost.exe

188 C:\WINDOWS\system32\HPZipm12.exe

268 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

388 C:\WINDOWS\system32\svchost.exe

540 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

584 C:\WINDOWS\system32\wuauclt.exe

672 wmpnetwk.exe

2116 C:\Program Files\VIAudioi\HDADeck\HDeck.exe

2140 C:\WINDOWS\AGRSMMSG.exe

2156 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

2164 C:\Program Files\QuickTime\qttask.exe

2204 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

2212 C:\Program Files\Java\jre6\bin\jusched.exe

2232 C:\WINDOWS\system32\ctfmon.exe

2260 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2316 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

2416 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

2424 C:\Program Files\DAEMON Tools Lite\daemon.exe

2460 C:\Program Files\Windows Media Player\wmpnscfg.exe

3204 C:\WINDOWS\system32\wscntfy.exe

3324 wmiprvse.exe

3372 alg.exe

3468 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe

3024 C:\Documents and Settings\Meletis\

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`07c33400 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 5695AAF95A32284894D71211499743BB702112B6

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Looks like the mbr was not fixed.

Please run MBR check again and type Y at the "Enter 'Y' and hit ENTER for more options, or 'N' to exit" prompt.

Then at the next option choose option 1 then hit enter.

When prompted for the location of the disk type 0 then hit enter.

When prompted for a name to dump to type in mbrdump then hit enter then type -1 to exit.

After that please upload the dump Here it will be located on your desktop.

I will need to have a look at it.

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Ok here is the new OTL log :

OTL logfile created on: 25/10/2010 12:44:21 ?? - Run 2

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 687,00 Mb Available Physical Memory | 67,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 19,19 Gb Free Space | 6,53% Space Free | Partition Type: NTFS

Drive K: | 2,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)

DRV - (usbaudio) ????????? ???????? ???? USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)

DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)

DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (sojubus) -- C:\WINDOWS\system32\DRIVERS\sojubus.sys ( )

DRV - (sojuscsi) -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys ( )

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 31 FC 39 51 72 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

[2010/08/21 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions

[2010/02/09 21:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/10/25 00:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions

[2010/08/22 19:20:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/18 13:39:04 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2010/09/03 03:09:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/09/08 03:34:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/10/25 00:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/09/18 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\personas@christopher.beard

[2010/09/21 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\staged-xpis

[2010/08/21 15:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/23 03:14:25 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 03:14:25 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 03:14:25 | 000,001,219 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2004/09/07 15:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {6DBBD536-66E5-4ED5-811D-2A13F863F378} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (no name) - {A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5} - No CLSID value found.

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\???????????\????????\ID_???????_????????_???????????_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\Meletis\Start Menu\???????????\????????\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\iifcDSKB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (???????? ?????? ??????) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/10/12 13:01:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 11:30:42 | 000,000,154 | R--- | M] () - K:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 15:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - K:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 16:26:42 | 000,000,027 | R--- | M] () - K:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{23ef24dc-0dc9-11de-901b-001617c8902f}\Shell - "" = AutoRun

O33 - MountPoints2\{23ef24dc-0dc9-11de-901b-001617c8902f}\Shell\AutoRun\command - "" = K:\autorun.exe -- [2008/11/27 15:02:24 | 000,214,280 | R--- | M] (Sports Interactive)

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- File not found

O33 - MountPoints2\Z\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 01:13:52 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/24 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\????????? ????????\licencetokill

[2010/10/23 19:26:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/23 19:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\????????? ????????\tdss

[2010/10/22 16:53:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Meletis\????????? ????????\OTL.exe

[2010/10/22 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 15:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/22 14:47:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Meletis\????????? ????????\HijackThis.exe

[2010/10/21 23:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\download2

[2010/10/21 22:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\Malwarebytes

[2010/10/21 22:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/21 22:33:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/21 22:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/21 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/21 20:30:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/19 13:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OptiTex

[2010/10/19 13:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Ok,here is the new OTL log:

OTL logfile created on: 25/10/2010 12:44:21 ?? - Run 2

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Meletis\????????? ????????

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000408 | Country: ?????? | Language: ELL | Date Format: d/M/yyyy

1.022,00 Mb Total Physical Memory | 687,00 Mb Available Physical Memory | 67,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 293,97 Gb Total Space | 19,19 Gb Free Space | 6,53% Space Free | Partition Type: NTFS

Drive K: | 2,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MEL | User Name: Meletis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Meletis\????????? ????????\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)

DRV - (usbaudio) ????????? ???????? ???? USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)

DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)

DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (sojubus) -- C:\WINDOWS\system32\DRIVERS\sojubus.sys ( )

DRV - (sojuscsi) -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys ( )

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 31 FC 39 51 72 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.gr/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 13:32:22 | 000,000,000 | ---D | M]

[2010/08/21 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions

[2010/02/09 21:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions

[2008/10/18 12:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/10/25 00:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions

[2010/08/22 19:20:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/18 13:39:04 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2010/09/03 03:09:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/09/08 03:34:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/10/25 00:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/09/18 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\personas@christopher.beard

[2010/09/21 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meletis\Application Data\Mozilla\Firefox\Profiles\btzcgaf8.default\extensions\staged-xpis

[2010/08/21 15:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/23 03:14:25 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/23 03:14:25 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/23 03:14:25 | 000,001,219 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-el.xml

O1 HOSTS File: ([2004/09/07 15:00:00 | 000,000,944 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {6DBBD536-66E5-4ED5-811D-2A13F863F378} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (no name) - {A22E55EC-BDF3-4A09-9CB3-0524BD8F49D5} - No CLSID value found.

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\???????????\????????\ID_???????_????????_???????????_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\Meletis\Start Menu\???????????\????????\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\iifcDSKB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (???????? ?????? ??????) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meletis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/10/12 13:01:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 11:30:42 | 000,000,154 | R--- | M] () - K:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 15:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - K:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 16:26:42 | 000,000,027 | R--- | M] () - K:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{23ef24dc-0dc9-11de-901b-001617c8902f}\Shell - "" = AutoRun

O33 - MountPoints2\{23ef24dc-0dc9-11de-901b-001617c8902f}\Shell\AutoRun\command - "" = K:\autorun.exe -- [2008/11/27 15:02:24 | 000,214,280 | R--- | M] (Sports Interactive)

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- File not found

O33 - MountPoints2\Z\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 01:13:52 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/24 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\????????? ????????\licencetokill

[2010/10/23 19:26:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/23 19:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\????????? ????????\tdss

[2010/10/22 16:53:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Meletis\????????? ????????\OTL.exe

[2010/10/22 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 15:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/22 14:47:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Meletis\????????? ????????\HijackThis.exe

[2010/10/21 23:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\download2

[2010/10/21 22:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\Application Data\Malwarebytes

[2010/10/21 22:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/21 22:33:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/21 22:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/21 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/21 20:30:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/19 13:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OptiTex

[2010/10/19 13:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meletis\

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\Drivers\str.sys


Folders to delete:
C:\Documents and Settings\All Users\Documents\Server

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

[*]It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)

[*]On reboot, it will briefly open a black command window on your desktop, this is normal.

[*]After the restart, it creates a log file that should open with the results of Avenger

Link to post
Share on other sites
Alexxx.D

Alexxx.D

Posted
  • Author
Posted

Hey I ran the Avenger tool but sadly it caused an endless cycle of reboots with windows failing to load.So I resorted to reformatting (after the 10th reboot) and reinstalling XP using the recovery back-up cds I have made when I purchased the PC.I can only guess that the problem was that the str.sys rootkit seemed to be removed (I ran both mb and tdss scans before using avenger and they came out clean of infections)Although either something was still inside or the rootkit removal left my system in a mess because I couldn't install zone alarm and I was getting various errors on start up including missing drivers and a regsvr32.exe error.So I guess reformatting was the best option in the end!Now both avg and mbam scans look completly clean!

Anyway I want to thank you for your time and effort and since mbam found what others were failing to I am thinking of buying the full version in the near future:))

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your