I have 2 gmail accounts that were compromised

Solved
By f0cus
Nov 14, 2010
Topic Status:
Not open for further replies.
  1. Someone from South Korea (or proxied to look like South Korea) has logged into 2 of my Gmail accounts. One of the Gmail recovery emails was in Chinese. The two accounts had different passwords, and neither of them has been accessed recently from anything but this computer and my BlackBerry (of course they could have been holding onto the passwords and finally struck now). This happened about 24 hours ago according to the Gmail records. I have a feeling it's for my Battle.net account info, but that's just speculation. Here are the log files; hope someone can help! Oh, also, I have the Avast free version running constantly.

    ---------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5111

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/14/2010 4:41:38 AM
    mbam-log-2010-11-14 (04-41-38).txt

    Scan type: Quick scan
    Objects scanned: 141514
    Time elapsed: 3 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------------------------------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-14 06:38:12
    Windows 6.1.7600
    Running: bpcve3eq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...

    ---- EOF - GMER 1.0.15 ----

    ---------------------------------------------------------------------


    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Tommy at 6:39:53.01 on Sun 11/14/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2624 [GMT -5:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    e:\Programs\Hotspot Shield\bin\openvpnas.exe
    C:\Windows\system32\taskhost.exe
    e:\Programs\Hotspot Shield\bin\hsswd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\RayV\RayV\RayV.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    E:\Games\SIMU\SGE\SGETask.Exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Razer\Tarantula\razertra.exe
    C:\Program Files (x86)\Secunia\PSI\psi.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ctfmon.exe
    F:\Downloads\bpcve3eq.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    F:\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - e:\Programs\Hotspot Shield\HssIE\HssIE.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [Core Temp] "E:\System\CoreTemp\Core Temp.exe"
    uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Tommy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVATU~1.LNK - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SGETask.lnk - E:\Games\SIMU\SGE\SGETask.Exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: play.net\*
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\HssIE\HssIE_64.dll
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL -
    FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Tommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-25 121936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-25 22096]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-25 63568]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
    R2 HssWd;Hotspot Shield Monitoring Service;e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS --> e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-25 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2009-6-17 17464]
    R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\System32\drivers\UsbFltr.sys [2010-5-18 49664]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-2 25832]
    S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
    S4 LightTPD;LightTPD;C:\Windows\LIGHTSRC.exe [2010-3-6 9728]

    =============== Created Last 30 ================

    2010-11-14 10:30:32 -------- d-----w- C:\PROGRA~3\SecTaskMan
    2010-11-14 03:51:48 -------- d-----w- C:\Users\Tommy\.gstreamer-0.10
    2010-11-13 04:31:48 -------- d-----w- C:\Windows\Entropia Universe
    2010-11-10 04:04:37 -------- d-----w- C:\Users\Tommy\AppData\Local\SKIDROW
    2010-11-02 10:02:53 -------- d-----w- C:\Program Files (x86)\GRETECH
    2010-10-22 19:10:05 -------- d-----w- C:\Users\Tommy\AppData\Roaming\RayV
    2010-10-22 19:10:04 -------- d-----w- C:\Program Files (x86)\RayV
    2010-10-22 03:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2010-10-19 00:15:15 -------- d-----w- C:\Users\Tommy\AppData\Roaming\Polynomial
    2010-10-17 18:05:06 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A04E297C-8D87-4F78-A06B-85012C9E9203}\mpengine.dll
    2010-10-16 23:39:59 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
    2010-10-15 20:47:29 -------- d-----w- C:\PROGRA~3\Nexon
    2010-10-15 20:42:40 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
    2010-10-15 20:39:50 -------- d-----w- C:\PROGRA~3\NexonUS

    ==================== Find3M ====================

    2010-10-25 00:41:37 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-10-25 00:30:44 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-10-16 23:39:59 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-10-11 02:12:58 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
    2010-10-05 22:59:33 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
    2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 6:40:10.27 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/15/2010 5:41:32 PM
    System Uptime: 11/14/2010 6:24:01 AM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 49 GiB total, 17.603 GiB free.
    D: is FIXED (NTFS) - 98 GiB total, 62.922 GiB free.
    E: is FIXED (NTFS) - 552 GiB total, 79.507 GiB free.
    F: is FIXED (NTFS) - 233 GiB total, 55.58 GiB free.
    G: is CDROM ()
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    @BIOS Ver.2.07
    3DMark Vantage
    Activision(R)
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.3.3
    Alien Breed: Impact Demo
    Alien Swarm
    Altitude
    Altitude 1.0.0
    Apple Application Support
    Apple Software Update
    ArcaniA: Gothic IV - Demo
    avast! Free Antivirus
    Avencast
    Avencast™ Demo
    Bandisoft MPEG-1 Decoder
    Battle of the Immortals
    Battlefield: Bad Company 2
    Beat Hazard Demo
    BioShock 2
    BlackBerry Desktop Software 6.0
    Bloodline Champions Beta
    Blur(TM)
    Borderlands
    Clive Barker's Jericho
    Combined Community Codec Pack 2009-09-09
    Command & Conquer™ Red Alert™ 3 Demo
    Counter-Strike
    Crayon Physics Deluxe Demo
    Diablo II
    DirectVobSub (remove only)
    DivX Setup
    DogFighter
    Download Manager 2.3.10
    DTVblizzcon
    EA SPORTS(TM) FIFA Online
    Entropia Universe
    erLT
    Feed Viewer for Windows SideShow
    FINAL FANTASY XIV Beta Version
    Francesco's leveled creatures-items mod 4.5b
    Francesco's optional new items/creatures 4.5
    Fraps
    Futuremark SystemInfo
    Global Agenda - Demo
    GOMTV Streamer
    Google Chrome
    Google Talk Plugin
    Gothic 3
    Gothic II: Gold Edition
    HijackThis 2.0.2
    Hotspot Shield 1.45
    Inkscape 0.48.0
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    King Arthur - The Role-playing Wargame Demo
    Lara Croft and the Guardian of Light
    Lead and Gold - Gangs of the Wild West
    League of Legends
    Madballs in...Babo: Invasion
    Mafia II - Demo
    Malwarebytes' Anti-Malware
    Mass Effect 2 Demo
    Medal of Honor Beta
    Microsoft .NET Framework 1.1
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XNA Framework Redistributable 3.1
    Miro
    MKVtoolnix 4.0.0
    Mount&Blade Warband
    Mozilla Firefox (3.6.12)
    MSVCRT
    MUSHclient (remove only)
    Nexon Game Manager
    Notepad++
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    Oblivion mod manager 1.1.12
    Octoshape Streaming Services
    OnLive
    Osmos Demo
    Overlord
    Overlord II
    Overlord: Raising Hell
    Pando Media Booster
    Planescape - Torment
    Plants vs. Zombies Demo
    Portal
    PunkBuster Services
    Python 2.6.4
    Quake Live Mozilla Plugin
    QuickTime
    Raptr
    Razer Tarantula
    Rhythm Zone - Demo
    Risen
    Risen Demo
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Rosetta Stone Version 3
    Ruby 1.8.6-p287
    Sacred 2 Demo
    Safari
    Search Toolbar
    Secunia PSI
    Security Task Manager 1.8
    Shank Demo
    Shatter
    Ship Simulator Extremes Demo
    Sid Meier's Civilization IV
    Sid Meier's Civilization IV: Beyond the Sword
    Sid Meier's Civilization IV: Colonization
    Sid Meier's Civilization IV: Warlords
    Sid Meier's Civilization V - Demo
    Simutronics Game Entry
    Skype™ 4.2
    Spybot - Search & Destroy
    StarCraft
    StarCraft II
    StarCraft II Beta
    StormFront
    Super Laser Racer Demo 1.12
    System Requirements Lab
    The Ball Demo
    The Lich v3.50
    The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
    The Polynomial - Demo
    The Settlers 7 - Paths to a Kingdom
    Thief - Deadly Shadows Demo
    Titan Quest
    Titan Quest Immortal Throne
    Tomb Raider: Legend
    TorchED
    Torchlight
    Tribes 2
    Trillian
    Ubisoft Game Launcher
    Uniblue ProcessScanner
    Unity Web Player
    Unofficial Oblivion Patch v3.2.0
    VC80CRTRedist - 8.0.50727.4053
    Vindictus
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    Vuze
    Vuze_Remote Toolbar
    VVVVVV Demo
    WampServer 2.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinPcap 4.1.1
    Wireshark 1.2.6
    World of Warcraft
    Worms Reloaded Demo
    Xvid 1.2.2 final uninstall
    Zeno Clash

    ==== Event Viewer Messages From Past Week ========

    11/14/2010 3:54:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    11/13/2010 10:45:21 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

    ==== End Of File ===========================
  2. f0cus

    f0cus Newcomer, in training Topic Starter

    I'm also looking through other threads; one suggested running TDSSKiller. I ran it, and it said no infection found.
  3. f0cus

    f0cus Newcomer, in training Topic Starter

    And another about MBRCheck. Here are the results:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: 965P-DS3
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 208):
    0x02C03000 \SystemRoot\system32\ntoskrnl.exe
    0x031DF000 \SystemRoot\system32\hal.dll
    0x00B97000 \SystemRoot\system32\kdcom.dll
    0x00C14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C58000 \SystemRoot\system32\PSHED.dll
    0x00C6C000 \SystemRoot\system32\CLFS.SYS
    0x00CCA000 \SystemRoot\system32\CI.dll
    0x00EB5000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F59000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01029000 \SystemRoot\System32\Drivers\spdc.sys
    0x0114F000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01158000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01187000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x011DE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x011E8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F68000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01000000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F9B000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01015000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x00E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x0101D000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E6C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x011F5000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E86000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00FB0000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00D8A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00FBB000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01245000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014D6000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01534000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0154E000 \SystemRoot\System32\Drivers\cng.sys
    0x015C1000 \SystemRoot\System32\drivers\pcw.sys
    0x015D2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016AF000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x017A1000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x017EB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
    0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01693000 \SystemRoot\System32\Drivers\mup.sys
    0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01486000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x014C0000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x00FCF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x013E8000 \SystemRoot\System32\Drivers\Null.SYS
    0x013F1000 \SystemRoot\System32\Drivers\Beep.SYS
    0x00DD6000 \SystemRoot\System32\drivers\vga.sys
    0x02C17000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02C3C000 \SystemRoot\System32\drivers\watchdog.sys
    0x02C4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02C55000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02C5E000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02C67000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02C72000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02C83000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02CA1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02CAE000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x02CBE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02D03000 \SystemRoot\system32\drivers\afd.sys
    0x02D8D000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x02D97000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02DA0000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02DC6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    0x02DDA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03A27000 \SystemRoot\system32\DRIVERS\serial.sys
    0x03A44000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03A5F000 \SystemRoot\system32\drivers\vpcvmm.sys
    0x03AB6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03ACA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03B1B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03B27000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03B32000 \SystemRoot\System32\drivers\discache.sys
    0x03B41000 \SystemRoot\system32\drivers\csc.sys
    0x03BC4000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03BE2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03A00000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x03D1F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0FE22000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10AB4000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x10AB6000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x10BAA000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x10BF0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x03D35000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x0FE00000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03D8B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\yk62x64.sys
    0x0FE11000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03C65000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x03C71000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03C8E000 \SystemRoot\System32\Drivers\awrcasdx.SYS
    0x03CD3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03CE3000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x03DAF000 \SystemRoot\system32\drivers\modem.sys
    0x03DBE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03DD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03CEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03E67000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03E96000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03EB1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03ED2000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03EEC000 \SystemRoot\system32\DRIVERS\taphss.sys
    0x03EF9000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03F01000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x03F0C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03F1B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03F2A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03F2C000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03F6F000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03F81000 \SystemRoot\system32\DRIVERS\vpcusb.sys
    0x03F9E000 \SystemRoot\system32\DRIVERS\usbrpm.sys
    0x03FAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03FAF000 \SystemRoot\system32\DRIVERS\vpchbus.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03E5A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x03FEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04ADE000 \SystemRoot\system32\drivers\HdAudio.sys
    0x04B3A000 \SystemRoot\system32\drivers\portcls.sys
    0x04B77000 \SystemRoot\system32\drivers\drmk.sys
    0x04B99000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04B9F000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04BAD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04BB9000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x04BC2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00080000 \SystemRoot\System32\win32k.sys
    0x04BD5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04BE1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04A00000 \SystemRoot\system32\drivers\usbaudio.sys
    0x04A1B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04A29000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04A42000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04A4B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x04A5D000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x04A6A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x04A7D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x04A8B000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004F0000 \SystemRoot\System32\TSDDD.dll
    0x04A99000 \SystemRoot\system32\drivers\UsbFltr.sys
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x00870000 \SystemRoot\System32\ATMFD.DLL
    0x04AA6000 \SystemRoot\system32\drivers\luafv.sys
    0x03CF7000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x04AC9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x015DC000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02DE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x00DE4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x04E7E000 \SystemRoot\system32\drivers\HTTP.sys
    0x04F46000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x04F64000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x04F7C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x04FA9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x04E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04E23000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x03D12000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x02C00000 \SystemRoot\system32\drivers\npf.sys
    0x05415000 \SystemRoot\system32\drivers\peauth.sys
    0x054BB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x054C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x054F3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05505000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x058F6000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0598C000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x059C2000 \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
    0x059C9000 \SystemRoot\system32\DRIVERS\psi_mf.sys
    0x05871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x77110000 \Windows\System32\ntdll.dll
    0x48330000 \Windows\System32\smss.exe
    0xFF430000 \Windows\System32\apisetschema.dll
    0xFF610000 \Windows\System32\autochk.exe
    0xFF3A0000 \Windows\System32\difxapi.dll
    0xFF350000 \Windows\System32\Wldap32.dll
    0xFF0F0000 \Windows\System32\iertutil.dll
    0xFF050000 \Windows\System32\comdlg32.dll
    0xFEE40000 \Windows\System32\ole32.dll
    0xFEDD0000 \Windows\System32\gdi32.dll
    0xFEDC0000 \Windows\System32\lpk.dll
    0x77010000 \Windows\System32\user32.dll
    0xFECF0000 \Windows\System32\usp10.dll
    0x772E0000 \Windows\System32\psapi.dll
    0xFEC50000 \Windows\System32\clbcatq.dll
    0xFDEC0000 \Windows\System32\shell32.dll
    0xFDEA0000 \Windows\System32\imagehlp.dll
    0xFDD70000 \Windows\System32\wininet.dll
    0xFDD50000 \Windows\System32\sechost.dll
    0xFDC20000 \Windows\System32\rpcrt4.dll
    0xFDBA0000 \Windows\System32\shlwapi.dll
    0xFDB50000 \Windows\System32\ws2_32.dll
    0xFD9D0000 \Windows\System32\urlmon.dll
    0xFD9A0000 \Windows\System32\imm32.dll
    0xFD990000 \Windows\System32\nsi.dll
    0xFD8F0000 \Windows\System32\msvcrt.dll
    0xFD7E0000 \Windows\System32\msctf.dll
    0x76EF0000 \Windows\System32\kernel32.dll
    0xFD700000 \Windows\System32\oleaut32.dll
    0xFD520000 \Windows\System32\setupapi.dll
    0xFD440000 \Windows\System32\advapi32.dll
    0x772D0000 \Windows\System32\normaliz.dll
    0xFD2D0000 \Windows\System32\crypt32.dll
    0xFD290000 \Windows\System32\wintrust.dll
    0xFD270000 \Windows\System32\devobj.dll
    0xFD230000 \Windows\System32\cfgmgr32.dll
    0xFD1C0000 \Windows\System32\KernelBase.dll
    0xFD120000 \Windows\System32\comctl32.dll
    0xFD110000 \Windows\System32\msasn1.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    244 C:\Windows\System32\smss.exe
    344 csrss.exe
    408 C:\Windows\System32\wininit.exe
    428 csrss.exe
    460 C:\Windows\System32\services.exe
    484 C:\Windows\System32\lsass.exe
    492 C:\Windows\System32\lsm.exe
    528 C:\Windows\System32\winlogon.exe
    632 C:\Windows\System32\svchost.exe
    720 C:\Windows\System32\nvvsvc.exe
    760 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    300 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    1052 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1112 C:\Windows\System32\nvvsvc.exe
    1332 C:\Windows\System32\spoolsv.exe
    1364 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\svchost.exe
    1568 E:\Programs\Hotspot Shield\bin\openvpnas.exe
    1700 C:\Windows\System32\taskhost.exe
    1716 E:\Programs\Hotspot Shield\bin\hsswd.exe
    1828 C:\Windows\System32\dwm.exe
    1840 C:\Windows\SysWOW64\PnkBstrA.exe
    1864 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1892 C:\Windows\System32\svchost.exe
    1956 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    1988 C:\Windows\explorer.exe
    2452 C:\Program Files\Windows Sidebar\sidebar.exe
    2700 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    2996 WmiPrvSE.exe
    2208 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    1608 WmiPrvSE.exe
    2696 C:\Program Files (x86)\RayV\RayV\RayV.exe
    1252 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2776 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1092 C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    840 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2896 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    2804 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2976 E:\Games\SIMU\SGE\SGETask.Exe
    2140 C:\Windows\System32\SearchIndexer.exe
    2212 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3556 C:\Windows\System32\taskeng.exe
    3568 C:\Program Files (x86)\Razer\Tarantula\razertra.exe
    3732 C:\Program Files (x86)\Secunia\PSI\psi.exe
    3792 C:\Windows\System32\svchost.exe
    3984 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2808 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
    3452 WmiPrvSE.exe
    3540 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
    3944 C:\Windows\System32\svchost.exe
    3936 C:\Windows\System32\wuauclt.exe
    2464 C:\Windows\SysWOW64\ctfmon.exe
    2548 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    360 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1968 C:\Windows\explorer.exe
    2152 E:\Programs\Notepad++\notepad++.exe
    2920 C:\Windows\System32\notepad.exe
    2408 C:\Windows\System32\audiodg.exe
    404 F:\Downloads\MBRCheck.exe
    3748 C:\Windows\System32\conhost.exe
    3332 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x0000000c`34f34a00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000024`9ed8e200 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)

    PhysicalDrive1 Model Number: WDCWD7501AALS-00J7B0, Rev: 05.00K05
    PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAE

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
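The MBRCheck block above hashes each disk's master boot record and reports a SHA1 plus a verdict ("Windows 7 MBR code detected"); both disks show the same hash because the bootstrap code Windows writes does not vary from disk to disk, while the disk signature and partition table do. The parser below is an added example, not part of this thread and not MBRCheck's own code. It assumes the hashed range is the 440-byte bootstrap area (bytes 0 to 439), which excludes the disk signature and partition table; the page does not say which byte range MBRCheck itself hashes. All sample sectors and the whitelist are constructed for the example, so the Windows 7 hash from the log is not reused.

```python
"""Parse a 512-byte MBR and fingerprint its bootstrap code.

Added example; not part of this thread and not MBRCheck's own code. It mirrors
what the MBRCheck output reports per disk: a SHA1 of the boot code and a verdict.
ASSUMPTION: the hashed range is bytes 0..439 (the 440-byte bootstrap area); the
page does not state which byte range MBRCheck itself hashes. All sample sectors
and the whitelist below are constructed for this example.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code: bytes 0..439
DISK_SIG_OFFSET = 440     # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"
SECTOR = 512

# Constructed stand-in for a known-good bootstrap. A real tool would carry the
# SHA1 of each vendor's shipped MBR code here.
KNOWN_GOOD_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"CONSTRUCTED-REFERENCE-BOOT-CODE"
KNOWN_GOOD = {
    hashlib.sha1(KNOWN_GOOD_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "constructed reference MBR code",
}


def is_valid_mbr(sector: bytes) -> bool:
    """True when the sector is 512 bytes and ends with the 0x55AA signature."""
    return len(sector) == MBR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code SHA1, disk signature and the non-empty partition entries."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * SECTOR,  # what the log prints as "at offset"
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def classify(sector: bytes) -> str:
    """Whitelist verdict for the bootstrap code, like MBRCheck's status column."""
    digest = parse_mbr(sector)["boot_code_sha1"]
    return KNOWN_GOOD.get(digest, f"UNKNOWN MBR code (SHA1 {digest}); investigate")


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR with one bootable NTFS partition at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 1_000_000)
    table = entry + b"\x00" * 48
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIGNATURE


SAMPLE_GOOD = build_sample_mbr(KNOWN_GOOD_BOOT_CODE)
# Same partition table, first bytes of boot code replaced: a bootkit that
# rewrites the bootstrap leaves the partitions intact and only this hash moves.
SAMPLE_TAMPERED = build_sample_mbr(b"\xEB\xFE" + KNOWN_GOOD_BOOT_CODE[2:])

if __name__ == "__main__":
    for name, sector in (("good", SAMPLE_GOOD), ("tampered", SAMPLE_TAMPERED)):
        print(f"{name}: {classify(sector)}")
        for p in parse_mbr(sector)["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
```

The sample partition starts at LBA 63, which is the 0x7e00 byte offset shown for C: in the log above (63 sectors of 512 bytes). A tampered bootstrap keeps the partition table byte-for-byte, so a disk that still boots and mounts normally can still fail the hash check; that is the whole point of hashing the code area rather than the sector as a whole.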
  4. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Never use any solutions designed for other computers!

    ========================================================================

    Your Gmail accounts were compromised not necessarily through your computer.
    They could have been hacked from the outside.
    So far, I don't see anything malicious on your computer.

    ========================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
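OTL's Extras.txt, which the post above requests, carries a "Shell Spawning" section listing the command Windows runs when an .exe, .bat, .cmd, .com, .pif or .scr file is opened. Malware that hijacks one of those handlers (exefile\shell\open\command is the classic target) is launched ahead of every program the user starts, which is why the tool dumps those keys. The checker below is an added example, not OTL's code and not part of the thread: it compares each entry against the stock values a clean Windows 7 reports for those handlers. OTL may append either the resolved file's company name in parentheses or "File not found" after a command, so that trailer is stripped before comparing; the sample log lines are constructed.

```python
"""Check OTL "Shell Spawning" entries against stock Windows defaults.

Added example; not OTL's code and not part of the thread. EXPECTED holds the
handler commands a clean Windows 7 system reports; the sample lines are
constructed, including the hijacked one, whose path is fictitious.
"""
import re

EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# e.g.  exefile [open] -- "%1" %* File not found
LINE_RE = re.compile(r"^\s*(\w+) \[(\w+)\] -- (.*?)\s*$")
# OTL appends a status tag after the command: "(Company Name)" or "File not found".
TRAILER_RE = re.compile(r"\s*(File not found|\([^()]*\))$")


def parse_entry(line: str):
    """Return (progid, verb, command) or None for lines that are not entries.

    command is None when OTL reported a registry error for the key.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    progid, verb, rest = m.groups()
    if rest.startswith("Reg Error"):
        return progid, verb, None
    return progid, verb, TRAILER_RE.sub("", rest).strip()


def check_shell_spawning(lines) -> list:
    """Return one finding per handler whose command deviates from EXPECTED.

    Handlers not in EXPECTED (helpfile, htmlfile, Directory, ...) are ignored;
    a missing key for an expected handler is reported with found=None, since a
    clean install always has it.
    """
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        progid, verb, command = entry
        key = (progid, verb)
        if key in EXPECTED and command != EXPECTED[key]:
            findings.append({"key": key, "found": command, "expected": EXPECTED[key]})
    return findings


# Constructed sample lines in OTL's format.
SAMPLE_CLEAN = [
    'batfile [open] -- "%1" %* File not found',
    'exefile [open] -- "%1" %*',
    'helpfile [open] -- Reg Error: Key error.',
    'scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)',
    'scrfile [open] -- "%1" /S',
]
SAMPLE_HIJACKED = [
    # fictitious path: every .exe launch would first run this program
    'exefile [open] -- "C:\\ProgramData\\example_hijack.exe" "%1" %* File not found',
    'comfile [open] -- "%1" %*',
    'scrfile [config] -- Reg Error: Key error.',
]

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        findings = check_shell_spawning(sample)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  {f['key'][0]} [{f['key'][1]}]: found {f['found']!r}, expected {f['expected']!r}")
```

Feed it the lines between the "Shell Spawning" header and the next "==========" header of Extras.txt; a clean system yields no findings for either the 64bit or the 32-bit block.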
  5. f0cus


    OTL Extras logfile created on: 11/14/2010 4:00:41 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = F:\Downloads
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    10.00 Gb Paging File | 9.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): c:\pagefile.sys 6141 12282 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 48.83 Gb Total Space | 17.58 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
    Drive D: | 97.65 Gb Total Space | 62.92 Gb Free Space | 64.44% Space Free | Partition Type: NTFS
    Drive E: | 552.15 Gb Total Space | 79.51 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
    Drive F: | 232.88 Gb Total Space | 55.57 Gb Free Space | 23.86% Space Free | Partition Type: NTFS

    Computer Name: MEGA-7 | User Name: Tommy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\Programs\LightTPD\lighttpd.exe" = E:\Programs\LightTPD\lighttpd.exe:*:Enabled:LightTPD (WLMP Project) -- (LightTPD, http://www.lighttpd.net/)
    "E:\Programs\LightTPD\lighttpd.exe" = E:\Programs\LightTPD\lighttpd.exe:*:Enabled:LightTPD (WLMP Project) -- (LightTPD, http://www.lighttpd.net/)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "jEdit_is1" = jEdit 4.3.2
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
    "{5454085C-840F-4070-8FAA-441000018301}" = BioShock 2
    "{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
    "{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
    "{65678DF6-BF29-4B89-B473-9C15E4725E4A}_is1" = Ruby 1.8.6-p287
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
    "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
    "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}" = Feed Viewer for Windows SideShow
    "{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}" = Thief - Deadly Shadows Demo
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA971CC3-23EF-4051-9A4F-B67D868F958D}}_is1" = Super Laser Racer Demo 1.12
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
    "4578-0181-0549-1546" = Altitude 1.0.0
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "avast5" = avast! Free Antivirus
    "Avencast™ Demo - Rise of The Mage_is1" = Avencast™ Demo
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "Diablo II" = Diablo II
    "DirectVobSub" = DirectVobSub (remove only)
    "DivX Setup.divx.com" = DivX Setup
    "Download Manager" = Download Manager 2.3.10
    "e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
    "Entropia Universe" = Entropia Universe
    "Francesco's leveled creatures-items mod_is1" = Francesco's leveled creatures-items mod 4.5b
    "Francesco's optional new items/creatures_is1" = Francesco's optional new items/creatures 4.5
    "Fraps" = Fraps
    "GomTVStreamer" = GOMTV Streamer
    "HijackThis" = HijackThis 2.0.2
    "HotspotShield" = Hotspot Shield 1.45
    "Inkscape" = Inkscape 0.48.0
    "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
    "Lich_is1" = The Lich v3.50
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Miro" = Miro
    "MKVtoolnix" = MKVtoolnix 4.0.0
    "Mount&Blade Warband" = Mount&Blade Warband
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MUSHclient" = MUSHclient (remove only)
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "OnLive" = OnLive
    "Planescape - Torment" = Planescape - Torment
    "ProcessScanner_is1" = Uniblue ProcessScanner
    "PunkBusterSvc" = PunkBuster Services
    "Raptr" = Raptr
    "RayV" = DTVblizzcon
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "Runic Games TorchED" = TorchED
    "Runic Games Torchlight" = Torchlight
    "Search Toolbar" = Search Toolbar
    "Secunia PSI" = Secunia PSI
    "Security Task Manager" = Security Task Manager 1.8
    "Simutronics Game Entry" = Simutronics Game Entry
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "StarCraft II Beta" = StarCraft II Beta
    "Steam App 10" = Counter-Strike
    "Steam App 11420" = Clive Barker's Jericho
    "Steam App 11450" = Overlord
    "Steam App 12710" = Overlord: Raising Hell
    "Steam App 12810" = Overlord II
    "Steam App 16810" = Sid Meier's Civilization IV: Colonization
    "Steam App 17050" = Global Agenda - Demo
    "Steam App 20820" = Shatter
    "Steam App 22200" = Zeno Clash
    "Steam App 22620" = Alien Breed: Impact Demo
    "Steam App 22690" = Worms Reloaded Demo
    "Steam App 24430" = King Arthur - The Role-playing Wargame Demo
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 25700" = Madballs in...Babo: Invasion
    "Steam App 26910" = Crayon Physics Deluxe Demo
    "Steam App 29200" = Osmos Demo
    "Steam App 35130" = Lara Croft and the Guardian of Light
    "Steam App 35490" = The Ball Demo
    "Steam App 3592" = Plants vs. Zombies Demo
    "Steam App 38910" = Rhythm Zone - Demo
    "Steam App 3900" = Sid Meier's Civilization IV
    "Steam App 39500" = Gothic 3
    "Steam App 39510" = Gothic II: Gold Edition
    "Steam App 3990" = Sid Meier's Civilization IV: Warlords
    "Steam App 400" = Portal
    "Steam App 41300" = Altitude
    "Steam App 42120" = Lead and Gold - Gangs of the Wild West
    "Steam App 42500" = DogFighter
    "Steam App 46410" = Avencast
    "Steam App 47760" = Mass Effect 2 Demo
    "Steam App 47770" = Medal of Honor Beta
    "Steam App 48810" = Ship Simulator Extremes Demo
    "Steam App 49610" = Beat Hazard Demo
    "Steam App 50280" = Mafia II - Demo
    "Steam App 6130" = Shank Demo
    "Steam App 630" = Alien Swarm
    "Steam App 65520" = ArcaniA: Gothic IV - Demo
    "Steam App 65900" = Sid Meier's Civilization V - Demo
    "Steam App 67010" = The Polynomial - Demo
    "Steam App 7000" = Tomb Raider: Legend
    "Steam App 70310" = VVVVVV Demo
    "Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
    "Steam App 8980" = Borderlands
    "StormFront" = StormFront
    "Tribes 2" = Tribes 2
    "Trillian" = Trillian
    "Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
    "Vindictus" = Vindictus
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WampServer 2_is1" = WampServer 2.0
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1
    "Wireshark" = Wireshark 1.2.6
    "World of Warcraft" = World of Warcraft
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Octoshape Streaming Services" = Octoshape Streaming Services
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2010 3:34:01 AM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/8/2010 5:53:38 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/8/2010 5:59:43 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/9/2010 2:09:30 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/9/2010 2:15:42 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/11/2010 6:39:27 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/11/2010 6:46:46 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/12/2010 2:20:30 PM | Computer Name = Mega-7 | Source = Application Hang | ID = 1002
    Description = The program SC2.exe version 1.1.3.16939 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 7dc Start Time:
    01cb8295f978ad7a Termination Time: 78 Application Path: E:\Games\StarCraft II\Versions\Base16939\SC2.exe

    Report
    Id:

    Error - 11/13/2010 8:15:11 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/13/2010 8:21:26 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 8/13/2010 2:56:54 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 8/17/2010 2:36:39 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 8/20/2010 2:41:32 AM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 8/20/2010 2:41:32 AM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 8/21/2010 6:30:00 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 8/24/2010 10:32:09 PM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 8/24/2010 10:32:09 PM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 8/24/2010 11:08:08 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 8/24/2010 11:08:08 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 8/25/2010 9:28:37 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
  6. f0cus

    f0cus Newcomer, in training Topic Starter

    OTL logfile created on: 11/14/2010 4:00:41 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = F:\Downloads
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    10.00 Gb Paging File | 9.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): c:\pagefile.sys 6141 12282 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 48.83 Gb Total Space | 17.58 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
    Drive D: | 97.65 Gb Total Space | 62.92 Gb Free Space | 64.44% Space Free | Partition Type: NTFS
    Drive E: | 552.15 Gb Total Space | 79.51 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
    Drive F: | 232.88 Gb Total Space | 55.57 Gb Free Space | 23.86% Space Free | Partition Type: NTFS

    Computer Name: MEGA-7 | User Name: Tommy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 15:58:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
    PRC - [2010/10/21 14:52:16 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files (x86)\RayV\RayV\RayV.exe
    PRC - [2010/10/16 18:39:59 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/07/07 09:05:32 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
    PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/05/25 16:00:40 | 000,323,632 | ---- | M] () -- e:\Programs\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/05/24 21:41:00 | 000,248,368 | ---- | M] () -- e:\Programs\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010/03/09 06:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/08/22 13:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
    PRC - [2009/08/22 13:25:00 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/08/04 10:00:40 | 000,091,720 | ---- | M] (Simutronics Corporation) -- E:\Games\SIMU\SGE\SGETask.Exe
    PRC - [2007/05/07 09:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    PRC - [2007/03/05 17:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 15:58:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/08/22 13:25:00 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSHooks.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/04 17:42:36 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/10/16 18:39:59 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/05/25 16:00:40 | 000,323,632 | ---- | M] () [Auto | Running] -- e:\Programs\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/05/24 21:42:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- e:\Programs\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/05/24 21:41:00 | 000,248,368 | ---- | M] () [Auto | Running] -- e:\Programs\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010/04/02 13:54:31 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- e:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/20 20:04:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/12 01:19:50 | 000,009,728 | ---- | M] (WLMP Project TEAM, http://en.wlmp-project.net/) [Disabled | Stopped] -- C:\Windows\LIGHTSRC.exe -- (LightTPD)
    SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/10/10 21:12:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/07/21 23:34:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010/07/07 09:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/03/09 06:08:56 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/02/20 20:15:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/01/08 18:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2009/09/22 20:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
    DRV:64bit: - [2007/07/17 16:42:38 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2007/07/17 16:42:32 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2007/04/11 15:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
    DRV - [2010/05/26 04:06:50 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
    DRV - [2010/02/16 19:04:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2006/09/27 13:48:04 | 000,044,800 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\UsbFltr.sys -- (TarFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 8C D8 30 90 AE CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
    FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: ""

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 13:44:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 13:44:13 | 000,000,000 | ---D | M]

    [2010/02/15 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
    [2010/11/13 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions
    [2010/09/12 19:50:06 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2010/11/12 13:14:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/12 19:50:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/11/08 14:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/03/05 13:05:40 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2010/11/03 15:43:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/09 22:03:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/11/11 14:09:54 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2010/10/15 03:58:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\amznUWL@amazon.com
    [2010/06/21 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\eafo3fflauncher@ea.com
    [2010/05/07 13:59:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\firebug@software.joehewitt.com
    [2010/05/26 16:14:34 | 000,001,948 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\searchplugins\bing-zugo.xml
    [2010/11/01 14:11:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/02/17 13:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/09 16:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/11 12:37:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 14:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2010/05/31 14:52:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [RTSS] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe ()
    O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
    O4 - HKCU..\Run: [Core Temp] E:\System\CoreTemp\Core Temp.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
    O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
    O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk = C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: play.net ([*] * in Trusted sites)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/15 11:11:14 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
    Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 07:11:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/14 05:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2010/11/13 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.gstreamer-0.10
    [2010/11/13 22:46:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Entropia Universe
    [2010/11/12 23:31:48 | 000,000,000 | ---D | C] -- C:\Windows\Entropia Universe
    [2010/11/09 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\SKIDROW
    [2010/11/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\apply
    [2010/11/05 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\SS
    [2010/11/04 04:56:43 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\GRETECH
    [2010/11/02 05:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
    [2010/10/22 14:10:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\RayV
    [2010/10/22 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RayV
    [2010/10/21 22:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
    [2010/10/18 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Polynomial
    [2010/10/16 18:41:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\BFBC2
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 16:03:00 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 16:03:00 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 15:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/14 15:55:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/14 06:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225202367-2320189925-3991510653-1001UA.job
    [2010/11/14 06:32:45 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/14 06:32:45 | 000,625,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/14 06:32:45 | 000,108,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/13 22:52:28 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225202367-2320189925-3991510653-1001Core.job
    [2010/11/13 22:42:48 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Entropia Universe.lnk
    [2010/11/11 15:56:46 | 000,000,600 | ---- | M] () -- C:\Users\Tommy\AppData\Local\PUTTY.RND
    [2010/11/10 14:40:31 | 000,164,030 | ---- | M] () -- C:\Users\Tommy\Desktop\webinar-banner.png
    [2010/11/09 22:51:40 | 000,000,557 | ---- | M] () -- C:\Users\Tommy\Desktop\Sid Meiers Civilization V.lnk
    [2010/11/05 15:00:50 | 000,000,633 | ---- | M] () -- C:\Users\Tommy\Desktop\Fraps.lnk
    [2010/11/04 21:52:38 | 000,137,404 | ---- | M] () -- C:\Users\Tommy\Desktop\wtf.JPG
    [2010/10/24 19:41:37 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/10/24 19:30:44 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/10/22 14:10:05 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\BlizzConLive.lnk
    [2010/10/21 22:23:30 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
    [2010/10/16 18:39:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/10/16 18:39:59 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/10/15 17:57:48 | 020,015,890 | ---- | M] () -- C:\Users\Tommy\Desktop\MOV00912.MPG
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/12 23:31:48 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Entropia Universe.lnk
    [2010/11/10 14:40:29 | 000,164,030 | ---- | C] () -- C:\Users\Tommy\Desktop\webinar-banner.png
    [2010/11/09 22:51:40 | 000,000,557 | ---- | C] () -- C:\Users\Tommy\Desktop\Sid Meiers Civilization V.lnk
    [2010/11/05 15:00:50 | 000,000,633 | ---- | C] () -- C:\Users\Tommy\Desktop\Fraps.lnk
    [2010/11/04 21:52:31 | 000,137,404 | ---- | C] () -- C:\Users\Tommy\Desktop\wtf.JPG
    [2010/10/22 14:10:05 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\BlizzConLive.lnk
    [2010/10/21 22:23:30 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
    [2010/10/16 18:39:59 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/10/15 17:54:52 | 020,015,890 | ---- | C] () -- C:\Users\Tommy\Desktop\MOV00912.MPG
    [2010/08/17 01:17:32 | 000,000,807 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/08/15 10:42:04 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
    [2010/08/13 20:33:44 | 000,745,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/01 19:31:02 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\psfind.dll
    [2010/05/18 21:21:46 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/05/18 21:21:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/05/11 13:37:10 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/04/05 13:35:33 | 000,000,760 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\setup_ldm.iss
    [2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/03/20 03:16:15 | 000,000,257 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/02/25 12:50:18 | 000,000,036 | ---- | C] () -- C:\Users\Tommy\AppData\Local\housecall.guid.cache
    [2010/02/23 12:38:30 | 000,000,600 | ---- | C] () -- C:\Users\Tommy\AppData\Local\PUTTY.RND
    [2010/02/16 13:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
    [2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini

    ========== LOP Check ==========

    [2010/10/10 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Azureus
    [2010/07/02 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Beat Hazard
    [2010/08/19 01:22:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Bioshock2
    [2010/06/10 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\bizarre creations
    [2010/07/05 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Codemasters
    [2010/07/01 19:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
    [2010/02/20 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Lite
    [2010/11/11 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\FileZilla
    [2010/06/21 18:58:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GetRightToGo
    [2010/05/26 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0
    [2010/02/28 14:11:11 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\IDM
    [2010/02/20 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ImgBurn
    [2010/09/13 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\inkscape
    [2010/04/05 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Leadertech
    [2010/07/19 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient
    [2010/06/24 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\mkvtoolnix
    [2010/02/27 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mount&Blade
    [2010/02/28 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mount&Blade Warband
    [2010/02/28 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\NBC Direct
    [2010/03/15 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++
    [2010/08/27 17:45:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
    [2010/10/05 14:29:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OnLive App
    [2010/05/26 16:19:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Participatory Culture Foundation
    [2010/06/03 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PCF-VLC
    [2010/10/18 19:23:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Polynomial
    [2010/11/12 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Raptr
    [2010/11/11 14:07:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV
    [2010/04/19 03:22:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Red Alert 3 Demo
    [2010/04/12 01:14:05 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Research In Motion
    [2010/03/10 01:52:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\runic games
    [2010/05/26 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\StormFront
    [2010/02/16 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Subversion
    [2010/06/25 12:40:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SystemRequirementsLab
    [2010/02/15 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Trillian
    [2010/08/15 10:42:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Turbine
    [2010/06/22 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Unity
    [2010/02/25 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wireshark
    [2010/03/01 02:04:07 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010/09/01 12:06:11 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/01 02:03:03 | 000,001,788 | ---- | M] () -- C:\aaw7boot.log
    [2008/10/15 11:11:14 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/08/15 21:51:24 | 000,000,354 | -H-- | M] () -- C:\Boot.BAK
    [2010/02/15 20:31:08 | 000,000,354 | RHS- | M] () -- C:\boot.ini
    [2010/02/15 20:31:08 | 000,000,354 | RHS- | M] () -- C:\Boot.ini.saved
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/02/15 20:31:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2008/10/15 11:11:14 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/11/14 15:55:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/05 01:42:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/05 19:32:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/14 15:55:42 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/14 07:06:05 | 000,064,726 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_07.04.44_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/02/15 17:42:40 | 000,000,221 | -HS- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/07/21 22:57:31 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/07/21 22:57:31 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/04/24 15:34:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/04/24 15:34:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/07/21 22:57:31 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/26 13:37:39 | 000,000,402 | -HS- | M] () -- C:\Users\Tommy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/10/15 15:50:43 | 000,000,000 | ---D | M](C:\Users\Tommy\Documents\?? ???) -- C:\Users\Tommy\Documents\넥슨 플러그
    [2010/10/15 15:50:43 | 000,000,000 | ---D | C](C:\Users\Tommy\Documents\?? ???) -- C:\Users\Tommy\Documents\넥슨 플러그

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613

    < End of report >
  7. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun
      O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell - "" = AutoRun
      O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell - "" = AutoRun
      O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
      O33 - MountPoints2\I\Shell - "" = AutoRun
      O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
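As an added illustration of how a fix script like the one above is derived from an OTL log (example code written for this page, not part of OTL and not Broni's own tooling): it parses the O33 MountPoints2 lines, the `*.tmp` summary line and the Alternate Data Stream line, puts only the autorun handlers whose target file OTL reported missing into an `:OTL` block, and hands any handler whose target still exists back for a human to review instead of removing it. The line patterns and the sample log are reconstructed from the lines posted in this thread; the `{aaaaaaaa-...}` entry and the way OTL renders a found target are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of an OTL log, built from the line shapes posted in this thread.
# The {aaaaaaaa-...} volume is an invented entry whose target still exists; how OTL
# renders a found target is assumed here, not taken from the thread.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun
O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell - "" = AutoRun
O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{aaaaaaaa-0000-0000-0000-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{aaaaaaaa-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613
"""

# Line patterns reconstructed from the OTL output in this thread (assumed, not OTL's spec).
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell(?P<sub>\S*) - "" = (?P<value>.*?)'
    r'(?P<missing> -- File not found)?$'
)
TMP_RE = re.compile(r'^\[\d+ .+ files -> .+ -> \]$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


@dataclass
class MountPoint:
    key: str                          # volume GUID or drive letter under MountPoints2
    command: Optional[str] = None     # executable the AutoRun verb would launch
    target_missing: bool = False      # OTL reported "File not found" for that executable
    raw_lines: List[str] = field(default_factory=list)  # OTL lines, reused verbatim in the fix


def parse_otl(text: str) -> Tuple[Dict[str, MountPoint], List[str]]:
    """Collect O33 entries (keyed by volume) plus the *.tmp and ADS lines from an OTL log."""
    mounts: Dict[str, MountPoint] = {}
    extras: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            mp = mounts.setdefault(m["key"], MountPoint(key=m["key"]))
            mp.raw_lines.append(line)
            if m["sub"].lower().endswith(r"\autorun\command"):
                mp.command = m["value"]
                mp.target_missing = m["missing"] is not None
        elif TMP_RE.match(line) or ADS_RE.match(line):
            extras.append(line)
    return mounts, extras


def build_fix(text: str) -> Tuple[str, List[MountPoint]]:
    """Return an OTL fix script for stale autorun handlers, and the entries left for review.

    MountPoints2 autorun verbs are a well-known persistence spot for removable-media
    malware. A handler whose target no longer exists can never run again, so removing
    it is safe and closes the hook; a handler whose target still exists is returned
    for a person to check rather than deleted automatically.
    """
    mounts, extras = parse_otl(text)
    fix_lines: List[str] = []
    review: List[MountPoint] = []
    for mp in mounts.values():
        if mp.command is None:
            continue  # no AutoRun verb wired to an executable; nothing to remove
        if mp.target_missing:
            fix_lines.extend(mp.raw_lines)
        else:
            review.append(mp)
    fix_lines.extend(extras)
    script = "\n".join([":OTL", *fix_lines, "",
                        ":Commands", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"])
    return script, review


if __name__ == "__main__":
    fix, needs_review = build_fix(SAMPLE_LOG)
    print(fix)
    for mp in needs_review:
        print(f"REVIEW: {mp.key} still launches {mp.command}")
```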
  8. f0cus

    f0cus Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
    File I:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
    File I:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
    File H:\Installer.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
    File I:\LaunchU3.exe not found.
    C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
    ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Temp folder emptied: 581193 bytes
    ->Temporary Internet Files folder emptied: 2423637 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43652588 bytes
    ->Google Chrome cache emptied: 7091802 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 611 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 51.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_162303

    Files\Folders moved on Reboot...
    C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  9. f0cus

    f0cus Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````
  10. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    All good, so far.
    Eset, please.
  11. f0cus

    f0cus Newcomer, in training Topic Starter

    Hrm, it found some stuff...

    probably a variant of Win32/Obfuscated.ISZPTDH trojan
    a variant of Win32/Packed.VMProtect.AAA trojan
    a variant of Win32/HotSpotShield application
     
  12. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    I need a log. I can't remove anything unless I have the file locations.
    That's what my instructions clearly say.
  13. f0cus

    f0cus Newcomer, in training Topic Starter

    Ok

    E:\Games\Deep Silver\Risen\bin\dvm.dll probably a variant of Win32/Obfuscated.ISZPTDH trojan
    E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan
    E:\Programs\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    F:\Downloads\rld-rsnf.7z probably a variant of Win32/Obfuscated.ISZPTDH trojan
    F:\Other\ISO\TheSettlers7\rzr-set7.iso a variant of Win32/Packed.VMProtect.AAA trojan
  14. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Your computer is basically clean.
    All I need to see is Eset log and we're done.

    However, if you wish to reinstall, that's your choice....
  15. f0cus

    f0cus Newcomer, in training Topic Starter

    Edited the post above right as you posted that. I typically reformat every 6 months or so but really haven't since I got win 7 which was a while ago.
  16. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Formatting once in a while was a good idea before NTFS (Windows ME and earlier).
    With NTFS (Windows 2000 and later) it really doesn't make sense, unless there are some serious issues, like system files corruption, or a not curable infection.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      E:\Games\Deep Silver\Risen\bin\dvm.dll 
      E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll 
      E:\Programs\Hotspot Shield\bin\openvpnas.exe 
      F:\Downloads\rld-rsnf.7z 
      F:\Other\ISO\TheSettlers7\rzr-set7.iso
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  17. f0cus

    f0cus Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    E:\Games\Deep Silver\Risen\bin\dvm.dll moved successfully.
    E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll moved successfully.
    File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
    F:\Downloads\rld-rsnf.7z moved successfully.
    F:\Other\ISO\TheSettlers7\rzr-set7.iso moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Temp folder emptied: 303219 bytes
    ->Temporary Internet Files folder emptied: 1672325 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47111754 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 792 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_225257

    Files\Folders moved on Reboot...
    File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
    C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
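An added triage helper, not code from this thread or from ESET or OTL: it joins the ESET detection lines Broni asked for (path followed by the detection name) with the FILES and "moved on Reboot" sections of an OTL fix log like the one above, separating heuristic ("probably a variant of") hits from signature hits and recording whether each flagged path was actually moved, left "scheduled to be moved on reboot", or never scripted at all. The sample logs are constructed from the formats posted in this thread; the regexes and status names are this example's own assumptions.

```python
import re
# Constructed sample input in the two formats the thread shows: ESET's
# "path + detection name" list and the FILES / "moved on Reboot" parts of
# an OTL fix log. Paths are the ones posted above; the combination is made up.
ESET_LOG = r"""
E:\Games\Deep Silver\Risen\bin\dvm.dll probably a variant of Win32/Obfuscated.ISZPTDH trojan
E:\Programs\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
F:\Downloads\rld-rsnf.7z probably a variant of Win32/Obfuscated.ISZPTDH trojan
"""
OTL_LOG = r"""
========== FILES ==========
E:\Games\Deep Silver\Risen\bin\dvm.dll moved successfully.
File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
Files\Folders moved on Reboot...
File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
"""
# "probably a variant of" is ESET's heuristic wording; the last word is its category.
ESET_RE = re.compile(r"^(?P<path>.+?) (?P<heur>probably )?a variant of (?P<family>\S+) (?P<kind>\w+)$")
OTL_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
OTL_FAILED = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")

def parse_eset(log):
    """One dict per detection line; anything else in the paste is ignored."""
    out = []
    for line in map(str.strip, log.splitlines()):
        if m := ESET_RE.match(line):
            out.append({"path": m["path"], "family": m["family"],
                        "kind": m["kind"], "heuristic": m["heur"] is not None})
    return out

def parse_otl_fix(log):
    """path -> moved | pending_reboot | failed_after_reboot, read from the fix log."""
    status, in_reboot = {}, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith(r"Files\Folders moved on Reboot"):
            in_reboot = True  # lines after this header report the post-reboot retry
        elif m := OTL_MOVED.match(line):
            status[m["path"]] = "moved"
        elif (m := OTL_FAILED.match(line)) and status.get(m["path"]) != "moved":
            status[m["path"]] = "failed_after_reboot" if in_reboot else "pending_reboot"
    return status

def triage(eset_log, otl_log):
    """Join each ESET hit with what the fix did to it; not_in_fix = never scripted."""
    fixes = parse_otl_fix(otl_log)
    return [dict(d, fix=fixes.get(d["path"], "not_in_fix")) for d in parse_eset(eset_log)]

def needs_followup(rows):
    """Flagged paths the fix did not actually remove, for the next reply to the helper."""
    return [r["path"] for r in rows if r["fix"] != "moved"]
```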
  18. f0cus

    f0cus Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Temp folder emptied: 302818 bytes
    ->Temporary Internet Files folder emptied: 1057169 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7875188 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tommy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_225853

    Files\Folders moved on Reboot...
    C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  19. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Wonderful :)

    Whenever you're ready...
  20. f0cus

    f0cus Newcomer, in training Topic Starter

    Ok, installing a couple of Windows updates and grabbing FileHippo Update Checker. I have the other stuff you mentioned and use them regularly (except TFC, which I got during this process and will start using now). I'll hold off on reformatting if it's not going to be useful.

    Did you conclude that I had trojans or were they false positives? Is it time to go change all my passwords, or did they get them some other way besides a keylogger on my computer?

    Thank you for your help, it's much appreciated :) And sorry for running TDSKiller without being told to, I'm used to taking the initiative to help myself and thought that reading through threads and trying stuff was a good idea, though apparently that helped spawn a different thread to emphasize that it wasn't :( Normally I would get the opposite response on a forum asking for help (did you try this and that? learn to use the search function! etc)
  21. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    That may be a good idea everywhere else, but not on a malware forum.
    It's very unique in the sense that you really have to know what you're doing.
    Using a wrong tool may end up with a disaster.

    Probably not in your case, because your computer was pretty clean.
    So, your passwords should be safe.

    Good luck and stay safe :)
  22. f0cus

    f0cus Newcomer, in training Topic Starter

    Great! Thanks again :)
  23. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Sure thing :)