Someone from south korea (or proxied to look like south korea) has logged into 2 of my gmail accounts. One of the gmail recovery emails was in chinese. The two accounts had different passwords and neither of them have been accessed recently from anything but this computer and my blackberry (of course they could have been holding onto the passwords and finally struck now). This happened about 24 hours ago according to the gmail records. I have a feeling it's for my battle.net account info but that's just speculation. Here are the log files, hope someone can help! Oh also, I have Avast free version running constantly.
---------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5111
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/14/2010 4:41:38 AM
mbam-log-2010-11-14 (04-41-38).txt
Scan type: Quick scan
Objects scanned: 141514
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---------------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 06:38:12
Windows 6.1.7600
Running: bpcve3eq.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Tommy at 6:39:53.01 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2624 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
e:\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\taskhost.exe
e:\Programs\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Games\SIMU\SGE\SGETask.Exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
F:\Downloads\bpcve3eq.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - e:\Programs\Hotspot Shield\HssIE\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Core Temp] "E:\System\CoreTemp\Core Temp.exe"
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Tommy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVATU~1.LNK - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SGETask.lnk - E:\Games\SIMU\SGE\SGETask.Exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: play.net\*
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Tommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-25 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-25 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-25 63568]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
R2 HssWd;Hotspot Shield Monitoring Service;e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS --> e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2009-6-17 17464]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\System32\drivers\UsbFltr.sys [2010-5-18 49664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-2 25832]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S4 LightTPD;LightTPD;C:\Windows\LIGHTSRC.exe [2010-3-6 9728]
=============== Created Last 30 ================
2010-11-14 10:30:32 -------- d-----w- C:\PROGRA~3\SecTaskMan
2010-11-14 03:51:48 -------- d-----w- C:\Users\Tommy\.gstreamer-0.10
2010-11-13 04:31:48 -------- d-----w- C:\Windows\Entropia Universe
2010-11-10 04:04:37 -------- d-----w- C:\Users\Tommy\AppData\Local\SKIDROW
2010-11-02 10:02:53 -------- d-----w- C:\Program Files (x86)\GRETECH
2010-10-22 19:10:05 -------- d-----w- C:\Users\Tommy\AppData\Roaming\RayV
2010-10-22 19:10:04 -------- d-----w- C:\Program Files (x86)\RayV
2010-10-22 03:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2010-10-19 00:15:15 -------- d-----w- C:\Users\Tommy\AppData\Roaming\Polynomial
2010-10-17 18:05:06 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A04E297C-8D87-4F78-A06B-85012C9E9203}\mpengine.dll
2010-10-16 23:39:59 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2010-10-15 20:47:29 -------- d-----w- C:\PROGRA~3\Nexon
2010-10-15 20:42:40 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2010-10-15 20:39:50 -------- d-----w- C:\PROGRA~3\NexonUS
==================== Find3M ====================
2010-10-25 00:41:37 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-25 00:30:44 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-16 23:39:59 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-10-11 02:12:58 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-10-05 22:59:33 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
============= FINISH: 6:40:10.27 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2010 5:41:32 PM
System Uptime: 11/14/2010 6:24:01 AM (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 17.603 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 62.922 GiB free.
E: is FIXED (NTFS) - 552 GiB total, 79.507 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 55.58 GiB free.
G: is CDROM ()
H: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
@BIOS Ver.2.07
3DMark Vantage
Activision(R)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.3
Alien Breed: Impact Demo
Alien Swarm
Altitude
Altitude 1.0.0
Apple Application Support
Apple Software Update
ArcaniA: Gothic IV - Demo
avast! Free Antivirus
Avencast
Avencast™ Demo
Bandisoft MPEG-1 Decoder
Battle of the Immortals
Battlefield: Bad Company 2
Beat Hazard Demo
BioShock 2
BlackBerry Desktop Software 6.0
Bloodline Champions Beta
Blur(TM)
Borderlands
Clive Barker's Jericho
Combined Community Codec Pack 2009-09-09
Command & Conquer™ Red Alert™ 3 Demo
Counter-Strike
Crayon Physics Deluxe Demo
Diablo II
DirectVobSub (remove only)
DivX Setup
DogFighter
Download Manager 2.3.10
DTVblizzcon
EA SPORTS(TM) FIFA Online
Entropia Universe
erLT
Feed Viewer for Windows SideShow
FINAL FANTASY XIV Beta Version
Francesco's leveled creatures-items mod 4.5b
Francesco's optional new items/creatures 4.5
Fraps
Futuremark SystemInfo
Global Agenda - Demo
GOMTV Streamer
Google Chrome
Google Talk Plugin
Gothic 3
Gothic II: Gold Edition
HijackThis 2.0.2
Hotspot Shield 1.45
Inkscape 0.48.0
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
King Arthur - The Role-playing Wargame Demo
Lara Croft and the Guardian of Light
Lead and Gold - Gangs of the Wild West
League of Legends
Madballs in...Babo: Invasion
Mafia II - Demo
Malwarebytes' Anti-Malware
Mass Effect 2 Demo
Medal of Honor Beta
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Miro
MKVtoolnix 4.0.0
Mount&Blade Warband
Mozilla Firefox (3.6.12)
MSVCRT
MUSHclient (remove only)
Nexon Game Manager
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion mod manager 1.1.12
Octoshape Streaming Services
OnLive
Osmos Demo
Overlord
Overlord II
Overlord: Raising Hell
Pando Media Booster
Planescape - Torment
Plants vs. Zombies Demo
Portal
PunkBuster Services
Python 2.6.4
Quake Live Mozilla Plugin
QuickTime
Raptr
Razer Tarantula
Rhythm Zone - Demo
Risen
Risen Demo
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rosetta Stone Version 3
Ruby 1.8.6-p287
Sacred 2 Demo
Safari
Search Toolbar
Secunia PSI
Security Task Manager 1.8
Shank Demo
Shatter
Ship Simulator Extremes Demo
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Sid Meier's Civilization V - Demo
Simutronics Game Entry
Skype™ 4.2
Spybot - Search & Destroy
StarCraft
StarCraft II
StarCraft II Beta
StormFront
Super Laser Racer Demo 1.12
System Requirements Lab
The Ball Demo
The Lich v3.50
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
The Polynomial - Demo
The Settlers 7 - Paths to a Kingdom
Thief - Deadly Shadows Demo
Titan Quest
Titan Quest Immortal Throne
Tomb Raider: Legend
TorchED
Torchlight
Tribes 2
Trillian
Ubisoft Game Launcher
Uniblue ProcessScanner
Unity Web Player
Unofficial Oblivion Patch v3.2.0
VC80CRTRedist - 8.0.50727.4053
Vindictus
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Vuze
Vuze_Remote Toolbar
VVVVVV Demo
WampServer 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 4.1.1
Wireshark 1.2.6
World of Warcraft
Worms Reloaded Demo
Xvid 1.2.2 final uninstall
Zeno Clash
==== Event Viewer Messages From Past Week ========
11/14/2010 3:54:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/13/2010 10:45:21 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
==== End Of File ===========================
---------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5111
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/14/2010 4:41:38 AM
mbam-log-2010-11-14 (04-41-38).txt
Scan type: Quick scan
Objects scanned: 141514
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---------------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 06:38:12
Windows 6.1.7600
Running: bpcve3eq.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x64 0x5E 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0x74 0x00 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xDD 0x80 0x34 ...
---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Tommy at 6:39:53.01 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2624 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
e:\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\taskhost.exe
e:\Programs\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Games\SIMU\SGE\SGETask.Exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
F:\Downloads\bpcve3eq.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - e:\Programs\Hotspot Shield\HssIE\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Core Temp] "E:\System\CoreTemp\Core Temp.exe"
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Tommy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVATU~1.LNK - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SGETask.lnk - E:\Games\SIMU\SGE\SGETask.Exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: play.net\*
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Programs\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Tommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\a750pdhk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Tommy\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-25 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-25 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-25 63568]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
R2 HssWd;Hotspot Shield Monitoring Service;e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS --> e:\Programs\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2009-6-17 17464]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\System32\drivers\UsbFltr.sys [2010-5-18 49664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-13 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-2 25832]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S4 LightTPD;LightTPD;C:\Windows\LIGHTSRC.exe [2010-3-6 9728]
=============== Created Last 30 ================
2010-11-14 10:30:32 -------- d-----w- C:\PROGRA~3\SecTaskMan
2010-11-14 03:51:48 -------- d-----w- C:\Users\Tommy\.gstreamer-0.10
2010-11-13 04:31:48 -------- d-----w- C:\Windows\Entropia Universe
2010-11-10 04:04:37 -------- d-----w- C:\Users\Tommy\AppData\Local\SKIDROW
2010-11-02 10:02:53 -------- d-----w- C:\Program Files (x86)\GRETECH
2010-10-22 19:10:05 -------- d-----w- C:\Users\Tommy\AppData\Roaming\RayV
2010-10-22 19:10:04 -------- d-----w- C:\Program Files (x86)\RayV
2010-10-22 03:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2010-10-19 00:15:15 -------- d-----w- C:\Users\Tommy\AppData\Roaming\Polynomial
2010-10-17 18:05:06 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A04E297C-8D87-4F78-A06B-85012C9E9203}\mpengine.dll
2010-10-16 23:39:59 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2010-10-15 20:47:29 -------- d-----w- C:\PROGRA~3\Nexon
2010-10-15 20:42:40 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2010-10-15 20:39:50 -------- d-----w- C:\PROGRA~3\NexonUS
==================== Find3M ====================
2010-10-25 00:41:37 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-25 00:30:44 234280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-16 23:39:59 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-10-11 02:12:58 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-10-05 22:59:33 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
============= FINISH: 6:40:10.27 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2010 5:41:32 PM
System Uptime: 11/14/2010 6:24:01 AM (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 17.603 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 62.922 GiB free.
E: is FIXED (NTFS) - 552 GiB total, 79.507 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 55.58 GiB free.
G: is CDROM ()
H: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
@BIOS Ver.2.07
3DMark Vantage
Activision(R)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.3
Alien Breed: Impact Demo
Alien Swarm
Altitude
Altitude 1.0.0
Apple Application Support
Apple Software Update
ArcaniA: Gothic IV - Demo
avast! Free Antivirus
Avencast
Avencast™ Demo
Bandisoft MPEG-1 Decoder
Battle of the Immortals
Battlefield: Bad Company 2
Beat Hazard Demo
BioShock 2
BlackBerry Desktop Software 6.0
Bloodline Champions Beta
Blur(TM)
Borderlands
Clive Barker's Jericho
Combined Community Codec Pack 2009-09-09
Command & Conquer™ Red Alert™ 3 Demo
Counter-Strike
Crayon Physics Deluxe Demo
Diablo II
DirectVobSub (remove only)
DivX Setup
DogFighter
Download Manager 2.3.10
DTVblizzcon
EA SPORTS(TM) FIFA Online
Entropia Universe
erLT
Feed Viewer for Windows SideShow
FINAL FANTASY XIV Beta Version
Francesco's leveled creatures-items mod 4.5b
Francesco's optional new items/creatures 4.5
Fraps
Futuremark SystemInfo
Global Agenda - Demo
GOMTV Streamer
Google Chrome
Google Talk Plugin
Gothic 3
Gothic II: Gold Edition
HijackThis 2.0.2
Hotspot Shield 1.45
Inkscape 0.48.0
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
King Arthur - The Role-playing Wargame Demo
Lara Croft and the Guardian of Light
Lead and Gold - Gangs of the Wild West
League of Legends
Madballs in...Babo: Invasion
Mafia II - Demo
Malwarebytes' Anti-Malware
Mass Effect 2 Demo
Medal of Honor Beta
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Miro
MKVtoolnix 4.0.0
Mount&Blade Warband
Mozilla Firefox (3.6.12)
MSVCRT
MUSHclient (remove only)
Nexon Game Manager
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion mod manager 1.1.12
Octoshape Streaming Services
OnLive
Osmos Demo
Overlord
Overlord II
Overlord: Raising Hell
Pando Media Booster
Planescape - Torment
Plants vs. Zombies Demo
Portal
PunkBuster Services
Python 2.6.4
Quake Live Mozilla Plugin
QuickTime
Raptr
Razer Tarantula
Rhythm Zone - Demo
Risen
Risen Demo
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rosetta Stone Version 3
Ruby 1.8.6-p287
Sacred 2 Demo
Safari
Search Toolbar
Secunia PSI
Security Task Manager 1.8
Shank Demo
Shatter
Ship Simulator Extremes Demo
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Sid Meier's Civilization V - Demo
Simutronics Game Entry
Skype™ 4.2
Spybot - Search & Destroy
StarCraft
StarCraft II
StarCraft II Beta
StormFront
Super Laser Racer Demo 1.12
System Requirements Lab
The Ball Demo
The Lich v3.50
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
The Polynomial - Demo
The Settlers 7 - Paths to a Kingdom
Thief - Deadly Shadows Demo
Titan Quest
Titan Quest Immortal Throne
Tomb Raider: Legend
TorchED
Torchlight
Tribes 2
Trillian
Ubisoft Game Launcher
Uniblue ProcessScanner
Unity Web Player
Unofficial Oblivion Patch v3.2.0
VC80CRTRedist - 8.0.50727.4053
Vindictus
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Vuze
Vuze_Remote Toolbar
VVVVVV Demo
WampServer 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 4.1.1
Wireshark 1.2.6
World of Warcraft
Worms Reloaded Demo
Xvid 1.2.2 final uninstall
Zeno Clash
==== Event Viewer Messages From Past Week ========
11/14/2010 3:54:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/13/2010 10:45:21 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
==== End Of File ===========================