Solved: I have 2 Gmail accounts that were compromised


f0cus

Someone from South Korea (or proxied to look like South Korea) has logged into 2 of my Gmail accounts. One of the Gmail recovery emails was in Chinese. The two accounts had different passwords, and neither of them has been accessed recently from anything but this computer and my BlackBerry (of course they could have been holding onto the passwords and finally struck now). This happened about 24 hours ago according to the Gmail records. I have a feeling it's for my Battle.net account info, but that's just speculation. Here are the log files; hope someone can help! Oh, also, I have the Avast free version running constantly.

---------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/14/2010 4:41:38 AM
mbam-log-2010-11-14 (04-41-38).txt

Scan type: Quick scan
Objects scanned: 141514
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 06:38:12
Windows 6.1.7600
Running: bpcve3eq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...

---- EOF - GMER 1.0.15 ----

---------------------------------------------------------------------


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Tommy at 6:39:53.01 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2624 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
e:\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\taskhost.exe
e:\Programs\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Games\SIMU\SGE\SGETask.Exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
F:\Downloads\bpcve3eq.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - e:\Programs\Hotspot Shield\HssIE\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Core Temp] "E:\System\CoreTemp\Core Temp.exe"
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Tommy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVATU~1.LNK - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SGETask.lnk - E:\Games\SIMU\SGE\SGETask.Exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: play.net\*
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Tommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-25 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-25 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-25 63568]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
R2 HssWd;Hotspot Shield Monitoring Service;e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS --> e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2009-6-17 17464]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\System32\drivers\UsbFltr.sys [2010-5-18 49664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-2 25832]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S4 LightTPD;LightTPD;C:\Windows\LIGHTSRC.exe [2010-3-6 9728]

=============== Created Last 30 ================

2010-11-14 10:30:32 -------- d-----w- C:\PROGRA~3\SecTaskMan
2010-11-14 03:51:48 -------- d-----w- C:\Users\Tommy\.gstreamer-0.10
2010-11-13 04:31:48 -------- d-----w- C:\Windows\Entropia Universe
2010-11-10 04:04:37 -------- d-----w- C:\Users\Tommy\AppData\Local\SKIDROW
2010-11-02 10:02:53 -------- d-----w- C:\Program Files (x86)\GRETECH
2010-10-22 19:10:05 -------- d-----w- C:\Users\Tommy\AppData\Roaming\RayV
2010-10-22 19:10:04 -------- d-----w- C:\Program Files (x86)\RayV
2010-10-22 03:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2010-10-19 00:15:15 -------- d-----w- C:\Users\Tommy\AppData\Roaming\Polynomial
2010-10-17 18:05:06 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A04E297C-8D87-4F78-A06B-85012C9E9203}\mpengine.dll
2010-10-16 23:39:59 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2010-10-15 20:47:29 -------- d-----w- C:\PROGRA~3\Nexon
2010-10-15 20:42:40 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2010-10-15 20:39:50 -------- d-----w- C:\PROGRA~3\NexonUS

==================== Find3M ====================

2010-10-25 00:41:37 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-25 00:30:44 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-16 23:39:59 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-10-11 02:12:58 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-10-05 22:59:33 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 6:40:10.27 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2010 5:41:32 PM
System Uptime: 11/14/2010 6:24:01 AM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 17.603 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 62.922 GiB free.
E: is FIXED (NTFS) - 552 GiB total, 79.507 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 55.58 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

@BIOS Ver.2.07
3DMark Vantage
Activision(R)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.3
Alien Breed: Impact Demo
Alien Swarm
Altitude
Altitude 1.0.0
Apple Application Support
Apple Software Update
ArcaniA: Gothic IV - Demo
avast! Free Antivirus
Avencast
Avencast™ Demo
Bandisoft MPEG-1 Decoder
Battle of the Immortals
Battlefield: Bad Company 2
Beat Hazard Demo
BioShock 2
BlackBerry Desktop Software 6.0
Bloodline Champions Beta
Blur(TM)
Borderlands
Clive Barker's Jericho
Combined Community Codec Pack 2009-09-09
Command & Conquer™ Red Alert™ 3 Demo
Counter-Strike
Crayon Physics Deluxe Demo
Diablo II
DirectVobSub (remove only)
DivX Setup
DogFighter
Download Manager 2.3.10
DTVblizzcon
EA SPORTS(TM) FIFA Online
Entropia Universe
erLT
Feed Viewer for Windows SideShow
FINAL FANTASY XIV Beta Version
Francesco's leveled creatures-items mod 4.5b
Francesco's optional new items/creatures 4.5
Fraps
Futuremark SystemInfo
Global Agenda - Demo
GOMTV Streamer
Google Chrome
Google Talk Plugin
Gothic 3
Gothic II: Gold Edition
HijackThis 2.0.2
Hotspot Shield 1.45
Inkscape 0.48.0
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
King Arthur - The Role-playing Wargame Demo
Lara Croft and the Guardian of Light
Lead and Gold - Gangs of the Wild West
League of Legends
Madballs in...Babo: Invasion
Mafia II - Demo
Malwarebytes' Anti-Malware
Mass Effect 2 Demo
Medal of Honor Beta
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Miro
MKVtoolnix 4.0.0
Mount&Blade Warband
Mozilla Firefox (3.6.12)
MSVCRT
MUSHclient (remove only)
Nexon Game Manager
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion mod manager 1.1.12
Octoshape Streaming Services
OnLive
Osmos Demo
Overlord
Overlord II
Overlord: Raising Hell
Pando Media Booster
Planescape - Torment
Plants vs. Zombies Demo
Portal
PunkBuster Services
Python 2.6.4
Quake Live Mozilla Plugin
QuickTime
Raptr
Razer Tarantula
Rhythm Zone - Demo
Risen
Risen Demo
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rosetta Stone Version 3
Ruby 1.8.6-p287
Sacred 2 Demo
Safari
Search Toolbar
Secunia PSI
Security Task Manager 1.8
Shank Demo
Shatter
Ship Simulator Extremes Demo
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Sid Meier's Civilization V - Demo
Simutronics Game Entry
Skype™ 4.2
Spybot - Search & Destroy
StarCraft
StarCraft II
StarCraft II Beta
StormFront
Super Laser Racer Demo 1.12
System Requirements Lab
The Ball Demo
The Lich v3.50
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
The Polynomial - Demo
The Settlers 7 - Paths to a Kingdom
Thief - Deadly Shadows Demo
Titan Quest
Titan Quest Immortal Throne
Tomb Raider: Legend
TorchED
Torchlight
Tribes 2
Trillian
Ubisoft Game Launcher
Uniblue ProcessScanner
Unity Web Player
Unofficial Oblivion Patch v3.2.0
VC80CRTRedist - 8.0.50727.4053
Vindictus
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Vuze
Vuze_Remote Toolbar
VVVVVV Demo
WampServer 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 4.1.1
Wireshark 1.2.6
World of Warcraft
Worms Reloaded Demo
Xvid 1.2.2 final uninstall
Zeno Clash

==== Event Viewer Messages From Past Week ========

11/14/2010 3:54:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/13/2010 10:45:21 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

==== End Of File ===========================
 
I'm also looking through other threads; one suggested running TDSSKiller. I ran it and it said no infection found.

Another thread mentioned MBRCheck. Here are the results:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: 965P-DS3
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 208):
0x02C03000 \SystemRoot\system32\ntoskrnl.exe
0x031DF000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C58000 \SystemRoot\system32\PSHED.dll
0x00C6C000 \SystemRoot\system32\CLFS.SYS
0x00CCA000 \SystemRoot\system32\CI.dll
0x00EB5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F59000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01029000 \SystemRoot\System32\Drivers\spdc.sys
0x0114F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01158000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01187000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011DE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011E8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F68000 \SystemRoot\system32\DRIVERS\pci.sys
0x01000000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x01015000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0101D000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E6C000 \SystemRoot\System32\drivers\mountmgr.sys
0x011F5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E86000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FB0000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00D8A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FBB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01245000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014D6000 \SystemRoot\System32\Drivers\msrpc.sys
0x01534000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0154E000 \SystemRoot\System32\Drivers\cng.sys
0x015C1000 \SystemRoot\System32\drivers\pcw.sys
0x015D2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016AF000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x017A1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017EB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01693000 \SystemRoot\System32\Drivers\mup.sys
0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01486000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x014C0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00FCF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x013E8000 \SystemRoot\System32\Drivers\Null.SYS
0x013F1000 \SystemRoot\System32\Drivers\Beep.SYS
0x00DD6000 \SystemRoot\System32\drivers\vga.sys
0x02C17000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C3C000 \SystemRoot\System32\drivers\watchdog.sys
0x02C4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C55000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C5E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C67000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C72000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C83000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CA1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CAE000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02CBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D03000 \SystemRoot\system32\drivers\afd.sys
0x02D8D000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x02D97000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DA0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DC6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03A27000 \SystemRoot\system32\DRIVERS\serial.sys
0x03A44000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03A5F000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03AB6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03ACA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03B1B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03B27000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03B32000 \SystemRoot\System32\drivers\discache.sys
0x03B41000 \SystemRoot\system32\drivers\csc.sys
0x03BC4000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BE2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A00000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03D1F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FE22000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10AB4000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x10AB6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10BAA000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10BF0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03D35000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0FE00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03D8B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C00000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0FE11000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03C65000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03C71000 \SystemRoot\system32\DRIVERS\parport.sys
0x03C8E000 \SystemRoot\System32\Drivers\awrcasdx.SYS
0x03CD3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03CE3000 \SystemRoot\System32\Drivers\RootMdm.sys
0x03DAF000 \SystemRoot\system32\drivers\modem.sys
0x03DBE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03CEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E67000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E96000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03EB1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03ED2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03EEC000 \SystemRoot\system32\DRIVERS\taphss.sys
0x03EF9000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x03F01000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03F0C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03F1B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03F2A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03F2C000 \SystemRoot\system32\DRIVERS\ks.sys
0x03F6F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03F81000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x03F9E000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x03FAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03FAF000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03E5A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x03FEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04ADE000 \SystemRoot\system32\drivers\HdAudio.sys
0x04B3A000 \SystemRoot\system32\drivers\portcls.sys
0x04B77000 \SystemRoot\system32\drivers\drmk.sys
0x04B99000 \SystemRoot\system32\drivers\ksthunk.sys
0x04B9F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04BAD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04BB9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04BC2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x04BD5000 \SystemRoot\System32\drivers\Dxapi.sys
0x04BE1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04A00000 \SystemRoot\system32\drivers\usbaudio.sys
0x04A1B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04A29000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04A42000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04A4B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x04A5D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04A6A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x04A7D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04A8B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x04A99000 \SystemRoot\system32\drivers\UsbFltr.sys
0x006E0000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x04AA6000 \SystemRoot\system32\drivers\luafv.sys
0x03CF7000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x04AC9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x015DC000 \SystemRoot\system32\drivers\WudfPf.sys
0x02DE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x00DE4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04E7E000 \SystemRoot\system32\drivers\HTTP.sys
0x04F46000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04F64000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04F7C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04FA9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04E23000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x03D12000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x02C00000 \SystemRoot\system32\drivers\npf.sys
0x05415000 \SystemRoot\system32\drivers\peauth.sys
0x054BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x054C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x054F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05505000 \SystemRoot\System32\DRIVERS\srv2.sys
0x058F6000 \SystemRoot\System32\DRIVERS\srv.sys
0x0598C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x059C2000 \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
0x059C9000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0x05871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77110000 \Windows\System32\ntdll.dll
0x48330000 \Windows\System32\smss.exe
0xFF430000 \Windows\System32\apisetschema.dll
0xFF610000 \Windows\System32\autochk.exe
0xFF3A0000 \Windows\System32\difxapi.dll
0xFF350000 \Windows\System32\Wldap32.dll
0xFF0F0000 \Windows\System32\iertutil.dll
0xFF050000 \Windows\System32\comdlg32.dll
0xFEE40000 \Windows\System32\ole32.dll
0xFEDD0000 \Windows\System32\gdi32.dll
0xFEDC0000 \Windows\System32\lpk.dll
0x77010000 \Windows\System32\user32.dll
0xFECF0000 \Windows\System32\usp10.dll
0x772E0000 \Windows\System32\psapi.dll
0xFEC50000 \Windows\System32\clbcatq.dll
0xFDEC0000 \Windows\System32\shell32.dll
0xFDEA0000 \Windows\System32\imagehlp.dll
0xFDD70000 \Windows\System32\wininet.dll
0xFDD50000 \Windows\System32\sechost.dll
0xFDC20000 \Windows\System32\rpcrt4.dll
0xFDBA0000 \Windows\System32\shlwapi.dll
0xFDB50000 \Windows\System32\ws2_32.dll
0xFD9D0000 \Windows\System32\urlmon.dll
0xFD9A0000 \Windows\System32\imm32.dll
0xFD990000 \Windows\System32\nsi.dll
0xFD8F0000 \Windows\System32\msvcrt.dll
0xFD7E0000 \Windows\System32\msctf.dll
0x76EF0000 \Windows\System32\kernel32.dll
0xFD700000 \Windows\System32\oleaut32.dll
0xFD520000 \Windows\System32\setupapi.dll
0xFD440000 \Windows\System32\advapi32.dll
0x772D0000 \Windows\System32\normaliz.dll
0xFD2D0000 \Windows\System32\crypt32.dll
0xFD290000 \Windows\System32\wintrust.dll
0xFD270000 \Windows\System32\devobj.dll
0xFD230000 \Windows\System32\cfgmgr32.dll
0xFD1C0000 \Windows\System32\KernelBase.dll
0xFD120000 \Windows\System32\comctl32.dll
0xFD110000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
244 C:\Windows\System32\smss.exe
344 csrss.exe
408 C:\Windows\System32\wininit.exe
428 csrss.exe
460 C:\Windows\System32\services.exe
484 C:\Windows\System32\lsass.exe
492 C:\Windows\System32\lsm.exe
528 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\nvvsvc.exe
760 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
1052 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1112 C:\Windows\System32\nvvsvc.exe
1332 C:\Windows\System32\spoolsv.exe
1364 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\svchost.exe
1568 E:\Programs\Hotspot Shield\bin\openvpnas.exe
1700 C:\Windows\System32\taskhost.exe
1716 E:\Programs\Hotspot Shield\bin\hsswd.exe
1828 C:\Windows\System32\dwm.exe
1840 C:\Windows\SysWOW64\PnkBstrA.exe
1864 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1892 C:\Windows\System32\svchost.exe
1956 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
1988 C:\Windows\explorer.exe
2452 C:\Program Files\Windows Sidebar\sidebar.exe
2700 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2996 WmiPrvSE.exe
2208 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
1608 WmiPrvSE.exe
2696 C:\Program Files (x86)\RayV\RayV\RayV.exe
1252 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2776 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1092 C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
840 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2896 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
2804 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
2976 E:\Games\SIMU\SGE\SGETask.Exe
2140 C:\Windows\System32\SearchIndexer.exe
2212 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3556 C:\Windows\System32\taskeng.exe
3568 C:\Program Files (x86)\Razer\Tarantula\razertra.exe
3732 C:\Program Files (x86)\Secunia\PSI\psi.exe
3792 C:\Windows\System32\svchost.exe
3984 C:\Program Files\Windows Media Player\wmpnetwk.exe
2808 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
3452 WmiPrvSE.exe
3540 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
3944 C:\Windows\System32\svchost.exe
3936 C:\Windows\System32\wuauclt.exe
2464 C:\Windows\SysWOW64\ctfmon.exe
2548 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
360 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1968 C:\Windows\explorer.exe
2152 E:\Programs\Notepad++\notepad++.exe
2920 C:\Windows\System32\notepad.exe
2408 C:\Windows\System32\audiodg.exe
404 F:\Downloads\MBRCheck.exe
3748 C:\Windows\System32\conhost.exe
3332 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x0000000c`34f34a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000024`9ed8e200 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive1 Model Number: WDCWD7501AALS-00J7B0, Rev: 05.00K05
PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

I'm also looking through other threads; one suggested running TDSSKiller. I ran it and it said no infection found.
Never use any solutions designed for other computers!

========================================================================

Your Gmail accounts were compromised not necessarily through your computer.
They could have been hacked from the outside.
So far, I don't see anything malicious on your computer.

========================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 11/14/2010 4:00:41 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 12282 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 17.58 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 62.92 Gb Free Space | 64.44% Space Free | Partition Type: NTFS
Drive E: | 552.15 Gb Total Space | 79.51 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 55.57 Gb Free Space | 23.86% Space Free | Partition Type: NTFS

Computer Name: MEGA-7 | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programs\LightTPD\lighttpd.exe" = E:\Programs\LightTPD\lighttpd.exe:*:Enabled:LightTPD (WLMP Project) -- (LightTPD, http://www.lighttpd.net/)
"E:\Programs\LightTPD\lighttpd.exe" = E:\Programs\LightTPD\lighttpd.exe:*:Enabled:LightTPD (WLMP Project) -- (LightTPD, http://www.lighttpd.net/)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"jEdit_is1" = jEdit 4.3.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000018301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{65678DF6-BF29-4B89-B473-9C15E4725E4A}_is1" = Ruby 1.8.6-p287
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}" = Feed Viewer for Windows SideShow
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}" = Thief - Deadly Shadows Demo
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA971CC3-23EF-4051-9A4F-B67D868F958D}}_is1" = Super Laser Racer Demo 1.12
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
"4578-0181-0549-1546" = Altitude 1.0.0
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast5" = avast! Free Antivirus
"Avencast™ Demo - Rise of The Mage_is1" = Avencast™ Demo
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Diablo II" = Diablo II
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
"Entropia Universe" = Entropia Universe
"Francesco's leveled creatures-items mod_is1" = Francesco's leveled creatures-items mod 4.5b
"Francesco's optional new items/creatures_is1" = Francesco's optional new items/creatures 4.5
"Fraps" = Fraps
"GomTVStreamer" = GOMTV Streamer
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.45
"Inkscape" = Inkscape 0.48.0
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"Lich_is1" = The Lich v3.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Miro" = Miro
"MKVtoolnix" = MKVtoolnix 4.0.0
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MUSHclient" = MUSHclient (remove only)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OnLive" = OnLive
"Planescape - Torment" = Planescape - Torment
"ProcessScanner_is1" = Uniblue ProcessScanner
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"RayV" = DTVblizzcon
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Runic Games TorchED" = TorchED
"Runic Games Torchlight" = Torchlight
"Search Toolbar" = Search Toolbar
"Secunia PSI" = Secunia PSI
"Security Task Manager" = Security Task Manager 1.8
"Simutronics Game Entry" = Simutronics Game Entry
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 11420" = Clive Barker's Jericho
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12810" = Overlord II
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 17050" = Global Agenda - Demo
"Steam App 20820" = Shatter
"Steam App 22200" = Zeno Clash
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 22690" = Worms Reloaded Demo
"Steam App 24430" = King Arthur - The Role-playing Wargame Demo
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 25700" = Madballs in...Babo: Invasion
"Steam App 26910" = Crayon Physics Deluxe Demo
"Steam App 29200" = Osmos Demo
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 35490" = The Ball Demo
"Steam App 3592" = Plants vs. Zombies Demo
"Steam App 38910" = Rhythm Zone - Demo
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 400" = Portal
"Steam App 41300" = Altitude
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42500" = DogFighter
"Steam App 46410" = Avencast
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 47770" = Medal of Honor Beta
"Steam App 48810" = Ship Simulator Extremes Demo
"Steam App 49610" = Beat Hazard Demo
"Steam App 50280" = Mafia II - Demo
"Steam App 6130" = Shank Demo
"Steam App 630" = Alien Swarm
"Steam App 65520" = ArcaniA: Gothic IV - Demo
"Steam App 65900" = Sid Meier's Civilization V - Demo
"Steam App 67010" = The Polynomial - Demo
"Steam App 7000" = Tomb Raider: Legend
"Steam App 70310" = VVVVVV Demo
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8980" = Borderlands
"StormFront" = StormFront
"Tribes 2" = Tribes 2
"Trillian" = Trillian
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Vindictus" = Vindictus
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WampServer 2_is1" = WampServer 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 3:34:01 AM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/8/2010 5:53:38 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/8/2010 5:59:43 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/9/2010 2:09:30 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 2:15:42 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/11/2010 6:39:27 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2010 6:46:46 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/12/2010 2:20:30 PM | Computer Name = Mega-7 | Source = Application Hang | ID = 1002
Description = The program SC2.exe version 1.1.3.16939 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 7dc Start Time:
01cb8295f978ad7a Termination Time: 78 Application Path: E:\Games\StarCraft II\Versions\Base16939\SC2.exe
Report Id:

Error - 11/13/2010 8:15:11 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/13/2010 8:21:26 PM | Computer Name = Mega-7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 8/13/2010 2:56:54 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/17/2010 2:36:39 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/20/2010 2:41:32 AM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 8/20/2010 2:41:32 AM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 8/21/2010 6:30:00 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/24/2010 10:32:09 PM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 8/24/2010 10:32:09 PM | Computer Name = Mega-7 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 8/24/2010 11:08:08 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/24/2010 11:08:08 PM | Computer Name = Mega-7 | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/25/2010 9:28:37 PM | Computer Name = Mega-7 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
OTL logfile created on: 11/14/2010 4:00:41 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = F:\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
10.00 Gb Paging File | 9.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 12282 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 17.58 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 62.92 Gb Free Space | 64.44% Space Free | Partition Type: NTFS
Drive E: | 552.15 Gb Total Space | 79.51 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 55.57 Gb Free Space | 23.86% Space Free | Partition Type: NTFS

Computer Name: MEGA-7 | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 15:58:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2010/10/21 14:52:16 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files (x86)\RayV\RayV\RayV.exe
PRC - [2010/10/16 18:39:59 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/07 09:05:32 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/25 16:00:40 | 000,323,632 | ---- | M] () -- e:\Programs\Hotspot Shield\bin\hsswd.exe
PRC - [2010/05/24 21:41:00 | 000,248,368 | ---- | M] () -- e:\Programs\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/03/09 06:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/22 13:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/08/22 13:25:00 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/04 10:00:40 | 000,091,720 | ---- | M] (Simutronics Corporation) -- E:\Games\SIMU\SGE\SGETask.Exe
PRC - [2007/05/07 09:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/03/05 17:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 15:58:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/08/22 13:25:00 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSHooks.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/03/09 06:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/04 17:42:36 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 18:39:59 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/25 16:00:40 | 000,323,632 | ---- | M] () [Auto | Running] -- e:\Programs\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/05/24 21:42:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- e:\Programs\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/05/24 21:41:00 | 000,248,368 | ---- | M] () [Auto | Running] -- e:\Programs\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/04/02 13:54:31 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- e:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/20 20:04:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/12 01:19:50 | 000,009,728 | ---- | M] (WLMP Project TEAM, http://en.wlmp-project.net/) [Disabled | Stopped] -- C:\Windows\LIGHTSRC.exe -- (LightTPD)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/10/10 21:12:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/07/21 23:34:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/07 09:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/09 06:08:56 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/02/20 20:15:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/08 18:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 20:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/07/17 16:42:38 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/07/17 16:42:32 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 15:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2010/05/26 04:06:50 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/02/16 19:04:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2006/09/27 13:48:04 | 000,044,800 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\UsbFltr.sys -- (TarFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 8C D8 30 90 AE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 13:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 13:44:13 | 000,000,000 | ---D | M]

[2010/02/15 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
[2010/11/13 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions
[2010/09/12 19:50:06 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/12 13:14:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/12 19:50:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/08 14:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/05 13:05:40 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/11/03 15:43:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/09 22:03:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/11 14:09:54 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/10/15 03:58:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\amznUWL@amazon.com
[2010/06/21 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\eafo3fflauncher@ea.com
[2010/05/07 13:59:31 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\firebug@software.joehewitt.com
[2010/05/26 16:14:34 | 000,001,948 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\searchplugins\bing-zugo.xml
[2010/11/01 14:11:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/17 13:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/09 16:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 12:37:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 14:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/05/31 14:52:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RTSS] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe ()
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKCU..\Run: [Core Temp] E:\System\CoreTemp\Core Temp.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk = C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: play.net ([*] * in Trusted sites)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/15 11:11:14 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun
O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell - "" = AutoRun
O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell - "" = AutoRun
O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 07:11:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/14 05:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/11/13 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.gstreamer-0.10
[2010/11/13 22:46:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Entropia Universe
[2010/11/12 23:31:48 | 000,000,000 | ---D | C] -- C:\Windows\Entropia Universe
[2010/11/09 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\SKIDROW
[2010/11/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\apply
[2010/11/05 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\SS
[2010/11/04 04:56:43 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\GRETECH
[2010/11/02 05:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/10/22 14:10:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\RayV
[2010/10/22 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RayV
[2010/10/21 22:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2010/10/18 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Polynomial
[2010/10/16 18:41:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\BFBC2
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 16:03:00 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 16:03:00 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 15:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 15:55:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 06:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225202367-2320189925-3991510653-1001UA.job
[2010/11/14 06:32:45 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 06:32:45 | 000,625,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 06:32:45 | 000,108,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/13 22:52:28 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-225202367-2320189925-3991510653-1001Core.job
[2010/11/13 22:42:48 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Entropia Universe.lnk
[2010/11/11 15:56:46 | 000,000,600 | ---- | M] () -- C:\Users\Tommy\AppData\Local\PUTTY.RND
[2010/11/10 14:40:31 | 000,164,030 | ---- | M] () -- C:\Users\Tommy\Desktop\webinar-banner.png
[2010/11/09 22:51:40 | 000,000,557 | ---- | M] () -- C:\Users\Tommy\Desktop\Sid Meiers Civilization V.lnk
[2010/11/05 15:00:50 | 000,000,633 | ---- | M] () -- C:\Users\Tommy\Desktop\Fraps.lnk
[2010/11/04 21:52:38 | 000,137,404 | ---- | M] () -- C:\Users\Tommy\Desktop\wtf.JPG
[2010/10/24 19:41:37 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/10/24 19:30:44 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/22 14:10:05 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\BlizzConLive.lnk
[2010/10/21 22:23:30 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2010/10/16 18:39:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/16 18:39:59 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/15 17:57:48 | 020,015,890 | ---- | M] () -- C:\Users\Tommy\Desktop\MOV00912.MPG
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/12 23:31:48 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Entropia Universe.lnk
[2010/11/10 14:40:29 | 000,164,030 | ---- | C] () -- C:\Users\Tommy\Desktop\webinar-banner.png
[2010/11/09 22:51:40 | 000,000,557 | ---- | C] () -- C:\Users\Tommy\Desktop\Sid Meiers Civilization V.lnk
[2010/11/05 15:00:50 | 000,000,633 | ---- | C] () -- C:\Users\Tommy\Desktop\Fraps.lnk
[2010/11/04 21:52:31 | 000,137,404 | ---- | C] () -- C:\Users\Tommy\Desktop\wtf.JPG
[2010/10/22 14:10:05 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\BlizzConLive.lnk
[2010/10/21 22:23:30 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2010/10/16 18:39:59 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/15 17:54:52 | 020,015,890 | ---- | C] () -- C:\Users\Tommy\Desktop\MOV00912.MPG
[2010/08/17 01:17:32 | 000,000,807 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/15 10:42:04 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2010/08/13 20:33:44 | 000,745,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/01 19:31:02 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\psfind.dll
[2010/05/18 21:21:46 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/18 21:21:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/11 13:37:10 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/04/05 13:35:33 | 000,000,760 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\setup_ldm.iss
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/20 03:16:15 | 000,000,257 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/25 12:50:18 | 000,000,036 | ---- | C] () -- C:\Users\Tommy\AppData\Local\housecall.guid.cache
[2010/02/23 12:38:30 | 000,000,600 | ---- | C] () -- C:\Users\Tommy\AppData\Local\PUTTY.RND
[2010/02/16 13:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini

========== LOP Check ==========

[2010/10/10 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Azureus
[2010/07/02 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Beat Hazard
[2010/08/19 01:22:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Bioshock2
[2010/06/10 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\bizarre creations
[2010/07/05 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Codemasters
[2010/07/01 19:07:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe
[2010/02/20 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Lite
[2010/11/11 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\FileZilla
[2010/06/21 18:58:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GetRightToGo
[2010/05/26 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0
[2010/02/28 14:11:11 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\IDM
[2010/02/20 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ImgBurn
[2010/09/13 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\inkscape
[2010/04/05 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Leadertech
[2010/07/19 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient
[2010/06/24 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\mkvtoolnix
[2010/02/27 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mount&Blade
[2010/02/28 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mount&Blade Warband
[2010/02/28 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\NBC Direct
[2010/03/15 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++
[2010/08/27 17:45:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
[2010/10/05 14:29:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OnLive App
[2010/05/26 16:19:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Participatory Culture Foundation
[2010/06/03 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PCF-VLC
[2010/10/18 19:23:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Polynomial
[2010/11/12 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Raptr
[2010/11/11 14:07:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV
[2010/04/19 03:22:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Red Alert 3 Demo
[2010/04/12 01:14:05 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Research In Motion
[2010/03/10 01:52:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\runic games
[2010/05/26 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\StormFront
[2010/02/16 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Subversion
[2010/06/25 12:40:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SystemRequirementsLab
[2010/02/15 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Trillian
[2010/08/15 10:42:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Turbine
[2010/06/22 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Unity
[2010/02/25 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wireshark
[2010/03/01 02:04:07 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/09/01 12:06:11 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/01 02:03:03 | 000,001,788 | ---- | M] () -- C:\aaw7boot.log
[2008/10/15 11:11:14 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/08/15 21:51:24 | 000,000,354 | -H-- | M] () -- C:\Boot.BAK
[2010/02/15 20:31:08 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2010/02/15 20:31:08 | 000,000,354 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/15 20:31:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2008/10/15 11:11:14 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/14 15:55:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/05 01:42:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/05 19:32:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/14 15:55:42 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys
[2010/11/14 07:06:05 | 000,064,726 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_07.04.44_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/15 17:42:40 | 000,000,221 | -HS- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/07/21 22:57:31 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/07/21 22:57:31 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/04/24 15:34:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/04/24 15:34:13 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/07/21 22:57:31 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/26 13:37:39 | 000,000,402 | -HS- | M] () -- C:\Users\Tommy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/10/15 15:50:43 | 000,000,000 | ---D | M](C:\Users\Tommy\Documents\?? ???) -- C:\Users\Tommy\Documents\넥슨 플러그
[2010/10/15 15:50:43 | 000,000,000 | ---D | C](C:\Users\Tommy\Documents\?? ???) -- C:\Users\Tommy\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell - "" = AutoRun
    O33 - MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
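The `:OTL` block above was assembled by hand from the OTL report: only the MountPoints2 AutoRun handlers whose target OTL marks as "File not found" were copied in (Shell value plus its command value), followed by the alternate data stream. As an added example, not part of this thread or of OTL itself, the Python script below parses such report lines and generates that block automatically. The sample lines are constructed to mirror the report's format; the `D:\setup.exe` entry is a hypothetical handler whose target still exists, included to show that it is left alone.

```python
"""Triage helper for OTL report lines (added example, not OTL's own code).

It picks out O33 MountPoints2 AutoRun handlers whose target no longer exists
and any alternate data streams, and emits the :OTL fix block for them.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in OTL's format; the D:\setup.exe entry is hypothetical.
SAMPLE_OTL_LINES = [
    r'O32 - HKLM CDRom: AutoRun - 1',
    r'O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found',
    r'O33 - MountPoints2\I\Shell - "" = AutoRun',
    r'O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found',
    # Hypothetical handler whose target exists: OTL prints no "File not found" suffix.
    r'O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = D:\setup.exe',
    r'@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BEB15613',
]


@dataclass
class AutoRunHandler:
    key: str       # MountPoints2 subkey: a volume GUID or a drive letter
    target: str    # executable the AutoRun verb would launch
    missing: bool  # True when OTL appended "-- File not found"


# Matches the "command" value of an O33 entry; the trailing status is optional.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r'(?P<target>.*?)(?P<missing> -- File not found)?$'
)
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


def parse_autorun_handlers(lines):
    """Return an AutoRunHandler for every O33 command value in the report."""
    handlers = []
    for line in lines:
        m = O33_CMD.match(line.strip())
        if m:
            handlers.append(AutoRunHandler(m['key'], m['target'], m['missing'] is not None))
    return handlers


def parse_ads(lines):
    """Return (path, size) for every alternate data stream OTL reported."""
    return [(m['path'], int(m['size'])) for m in (ADS.match(l.strip()) for l in lines) if m]


def build_otl_fix(lines):
    """Emit the :OTL block: Shell and command values of each dangling handler, then ADS."""
    out = [":OTL"]
    for h in parse_autorun_handlers(lines):
        if not h.missing:
            continue  # a handler whose target still exists is not touched
        out.append(f'O33 - MountPoints2\\{h.key}\\Shell - "" = AutoRun')
        out.append(f'O33 - MountPoints2\\{h.key}\\Shell\\AutoRun\\command - "" = {h.target} -- File not found')
    for path, size in parse_ads(lines):
        out.append(f"@Alternate Data Stream - {size} bytes -> {path}")
    return "\n".join(out)


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_OTL_LINES))
```

Dangling AutoRun handlers under MountPoints2 are leftovers from removable media (here the U3 launcher of a USB stick) and are harmless once the target is gone, which is why they are cleaned rather than treated as evidence of compromise; the script only ever flags entries OTL itself marked as missing.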
 
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1edf3361-1e4c-11df-9d97-001a4d425c20}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30655942-2a1b-11df-8e39-001a4d425c20}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca162536-1e86-11df-b784-001a4d425c20}\ not found.
File H:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe not found.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Temp folder emptied: 581193 bytes
->Temporary Internet Files folder emptied: 2423637 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43652588 bytes
->Google Chrome cache emptied: 7091802 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 611 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11142010_162303

Files\Folders moved on Reboot...
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.3.3
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````
 
Hrm, it found some stuff...

probably a variant of Win32/Obfuscated.ISZPTDH trojan
a variant of Win32/Packed.VMProtect.AAA trojan
a variant of Win32/HotSpotShield application
 
I need a log. I can't remove anything unless I know the file locations.
That's what my instructions clearly say.
 
Ok

E:\Games\Deep Silver\Risen\bin\dvm.dll probably a variant of Win32/Obfuscated.ISZPTDH trojan
E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan
E:\Programs\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
F:\Downloads\rld-rsnf.7z probably a variant of Win32/Obfuscated.ISZPTDH trojan
F:\Other\ISO\TheSettlers7\rzr-set7.iso a variant of Win32/Packed.VMProtect.AAA trojan
 
Your computer is basically clean.
All I need to see is Eset log and we're done.

However, if you wish to reinstall, that's your choice....
 
Edited the post above right as you posted that. I typically reformat every 6 months or so but really haven't since I got win 7 which was a while ago.
 
Formatting once in a while was a good idea before NTFS (Windows ME and earlier).
With NTFS (Windows 2000 and later) it really doesn't make sense, unless there are some serious issues, like system file corruption or an incurable infection.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    E:\Games\Deep Silver\Risen\bin\dvm.dll 
    E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll 
    E:\Programs\Hotspot Shield\bin\openvpnas.exe 
    F:\Downloads\rld-rsnf.7z 
    F:\Other\ISO\TheSettlers7\rzr-set7.iso
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
E:\Games\Deep Silver\Risen\bin\dvm.dll moved successfully.
E:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll moved successfully.
File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
F:\Downloads\rld-rsnf.7z moved successfully.
F:\Other\ISO\TheSettlers7\rzr-set7.iso moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Temp folder emptied: 303219 bytes
->Temporary Internet Files folder emptied: 1672325 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47111754 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 792 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11142010_225257

Files\Folders moved on Reboot...
File move failed. E:\Programs\Hotspot Shield\bin\openvpnas.exe scheduled to be moved on reboot.
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Temp folder emptied: 302818 bytes
->Temporary Internet Files folder emptied: 1057169 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7875188 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tommy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11142010_225853

Files\Folders moved on Reboot...
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
OK, installing a couple of Windows updates and grabbing FileHippo Update Checker. I have the other stuff you mentioned and use them regularly (except TFC, which I got during this process and will start using now). I'll hold off on reformatting if it's not going to be useful.

Did you conclude that I had trojans, or were they false positives? Is it time to go change all my passwords, or did they get them some other way besides a keylogger on my computer?

Thank you for your help, it's much appreciated :) And sorry for running TDSSKiller without being told to. I'm used to taking the initiative to help myself and thought that reading through threads and trying stuff was a good idea, though apparently that helped spawn a different thread to emphasize that it wasn't :( Normally I would get the opposite response on a forum asking for help (did you try this and that? learn to use the search function! etc.)
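As an added illustration, not part of the thread and not OTL's own code: a small parser that reads an OTL cleanup log like the one posted above and turns it into something easier to check at a glance, per-user byte totals for the [EMPTYTEMP] section and a separate list of files OTL could not move immediately. The "File move failed ... scheduled to be moved on reboot" line typically indicates the file was in use at the time (here the Hotspot Shield openvpnas.exe), which is worth confirming after the reboot. The sample input is constructed from lines in the log above, shortened; the function and regex names are my own.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the OTL log posted in the thread.
SAMPLE_LOG = """\
[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Tommy
->Temp folder emptied: 302818 bytes
->Temporary Internet Files folder emptied: 1057169 bytes
->FireFox cache emptied: 7875188 bytes
->Flash cache emptied: 456 bytes

Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

Files\\Folders moved on Reboot...
File move failed. E:\\Programs\\Hotspot Shield\\bin\\openvpnas.exe scheduled to be moved on reboot.
C:\\Users\\Tommy\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt moved successfully.
"""

USER_RE = re.compile(r"^User: (.+)$")
EMPTIED_RE = re.compile(r"^->(.+?) emptied: (\d+) bytes$")
FAILED_RE = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")


def parse_otl_cleanup(text):
    """Summarise an OTL cleanup log.

    Returns a dict with:
      bytes_per_user  - bytes OTL reports emptying under each "User:" heading
      failed_moves    - paths OTL could not move immediately (locked files)
      moved           - paths OTL reports as moved successfully
    """
    per_user = defaultdict(int)
    failed = []
    moved = []
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            user = m.group(1)          # subsequent "->" lines belong to this profile
            continue
        m = EMPTIED_RE.match(line)
        if m and user is not None:
            per_user[user] += int(m.group(2))
            continue
        m = FAILED_RE.match(line)
        if m:
            failed.append(m.group(1))  # deferred to reboot: file was in use
            continue
        m = MOVED_RE.match(line)
        if m:
            moved.append(m.group(1))
    return {
        "bytes_per_user": dict(per_user),
        "failed_moves": failed,
        "moved": moved,
    }


if __name__ == "__main__":
    summary = parse_otl_cleanup(SAMPLE_LOG)
    for name, total in summary["bytes_per_user"].items():
        print(f"{name}: {total} bytes emptied")
    for path in summary["failed_moves"]:
        print(f"LOCKED, deferred to reboot: {path}")
```

Run it against a full OTL log by reading the file into `parse_otl_cleanup`; anything in `failed_moves` is a file that was open when OTL ran, so re-check it after the reboot OTL requested.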
 
Normally I would get the opposite response on a forum asking for help (did you try this and that? learn to use the search function! etc)
That may be a good idea everywhere else, but not on a malware forum.
It's unique in the sense that you really have to know what you're doing.
Using the wrong tool may end in disaster.

Probably not in your case, because your computer was pretty clean.
So, your passwords should be safe.

Good luck and stay safe :)
 