Redirect virus/malware


9 replies to this topic

#1 hallflukai

Posted 03 December 2010 - 07:52 PM

Hello everyone,

I recently seem to have contracted a virus. I believe the virus is stopping Google Chrome from working (not 100% on this), and it is also causing about 1/4 to 1/2 of the links I click in Firefox to be redirected to pointless ad pages. I've run an Avast! full system scan, a Spybot: Search and Destroy scan, and an Avast! boot-time scan, with none of them being effective in getting rid of whatever is causing this. Also, I get a lot of Avast! messages telling me it blocked a malicious URL, with the process most of the time being svchost.exe, leading me to believe svchost has been infected. I'm currently running Windows 7.

Any and all help is appreciated, thanks in advance!


#2 trollocks


Posted 03 December 2010 - 07:57 PM

.

Edited by trollocks, 03 December 2010 - 08:24 PM.


#3 Starbuck


  • Malware Response Team

Posted 03 December 2010 - 08:00 PM

Hi hallflukai and welcome to Bleeping Computer.

Let's eliminate a couple of things.

Step 1
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 2
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

In your next reply, please submit:
GooredFix.txt
TDSSKiller report


Thanks.



#4 hallflukai


Posted 03 December 2010 - 08:28 PM

Before reading any of this, know that the problem appears to be fixed, for now, so thanks a ton for that!


GooredFix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:24 on 03/12/2010 (Hallflukai)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:14 09/06/2010]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [01:43 03/07/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:11 27/07/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [21:35 20/10/2010]

C:\Users\Hallflukai\Application Data\Mozilla\Firefox\Profiles\yweroaw4.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [00:42 12/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [00:14 09/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-


TDSSKiller

2010/12/03 18:59:53.0282 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/03 18:59:53.0282 ================================================================================
2010/12/03 18:59:53.0282 SystemInfo:
2010/12/03 18:59:53.0282
2010/12/03 18:59:53.0282 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/03 18:59:53.0282 Product type: Workstation
2010/12/03 18:59:53.0282 ComputerName: HALLFLUKAI-PC
2010/12/03 18:59:53.0285 UserName: Hallflukai
2010/12/03 18:59:53.0285 Windows directory: C:\Windows
2010/12/03 18:59:53.0285 System windows directory: C:\Windows
2010/12/03 18:59:53.0285 Processor architecture: Intel x86
2010/12/03 18:59:53.0285 Number of processors: 2
2010/12/03 18:59:53.0285 Page size: 0x1000
2010/12/03 18:59:53.0285 Boot type: Normal boot
2010/12/03 18:59:53.0285 ================================================================================
2010/12/03 18:59:53.0710 Initialize success
2010/12/03 19:00:08.0449 ================================================================================
2010/12/03 19:00:08.0449 Scan started
2010/12/03 19:00:08.0449 Mode: Manual;
2010/12/03 19:00:08.0449 ================================================================================
2010/12/03 19:00:23.0924 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/03 19:00:23.0958 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/03 19:00:24.0079 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/12/03 19:00:24.0115 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/03 19:00:24.0223 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/03 19:00:24.0285 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\WsAudioDevice_383.sys
2010/12/03 19:00:24.0350 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/03 19:00:24.0390 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/03 19:00:24.0544 ZDCNDIS5 (228ef1572ced753fe18409bb77123204) C:\Windows\system32\ZDCNDIS5.SYS
2010/12/03 19:00:24.0657 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/03 19:00:25.0179 ================================================================================
2010/12/03 19:00:25.0179 Scan finished
2010/12/03 19:00:25.0179 ================================================================================
2010/12/03 19:00:25.0200 Detected object count: 1
2010/12/03 19:00:40.0582 \HardDisk0 - will be cured after reboot
2010/12/03 19:00:40.0583 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/03 19:01:06.0809 Deinitialize success

#5 hallflukai

Posted 03 December 2010 - 08:30 PM

I'm just curious by the way, I would love it if one of you could tell me what was wrong, or what was infected. I'm very curious about computers and I just like to know things :P

#6 hallflukai

Posted 03 December 2010 - 09:12 PM

Alright, it's doing it again. BUT I may have found the source, something just installed itself on my computer called "WhiteSmoke Translator". It was there before but I had deleted it and nothing changed, so I assumed that it wasn't it, but I might have been wrong.

Edit: From looking at some of the files, I'm not even sure if it was the fixes that actually fixed it. From the looks of it my computer reverted to a few days back, before I had the virus, and now it's still redirecting/Chrome not working, even after running both fixes again.

Edit 2: After viewing Task Manager I noticed a number of processes that aren't supposed to be there, such as avp.exe, avp32.exe, drweb.exe, and iexplarer.exe. iexplorer was also running and playing random ads via audio; I of course have ended all of these via the Task Manager.

Edited by hallflukai, 03 December 2010 - 10:27 PM.


#7 Starbuck

Posted 04 December 2010 - 04:20 AM

Hi hallflukai,

Please bear with me whilst I get a mod to move this thread to the malware removal forum.
We'll be able to deal with it better there.

Edited by elise025, 04 December 2010 - 04:49 AM.
Moved as requested ~Elise



#8 Starbuck

Posted 04 December 2010 - 04:54 AM

Hi hallflukai,

Step 1
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

Posted Image


Posted Image

This is an example, you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 2
  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the Run Scan button.

  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


In your next reply, please submit:
Combofix.txt
and both reports from OTL


Thanks.



#9 hallflukai

Posted 04 December 2010 - 12:08 PM

Everything appears to be working correctly again, but I'm not gonna take that for granted this time ;)

Combofix: (I BSOD'd the first time I ran it, and it BSOD'd before it could create the log, which is why there's a previous run part I believe)

ComboFix 10-12-03.03 - Hallflukai 12/04/2010 9:33.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2400 [GMT -6:00]
Running from: c:\users\Hallflukai\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Public\Documents\Server\admin.txt
c:\windows\avp.exe
c:\windows\iexplarer.exe
c:\windows\lsass.exe
c:\windows\services.exe
c:\windows\system32\bridjava.dll
c:\windows\system32\config\systemprofile\AppData\Local\eyagecag.dll
c:\windows\system32\config\systemprofile\AppData\Local\neltatwl.dll
c:\windows\system32\config\systemprofile\AppData\Local\syssvc.exe
c:\windows\system32\config\systemprofile\AppData\Local\ucexuqotoli.dll
c:\windows\system32\d5720zxv.dll
c:\windows\system32\o8t7kp.dll
c:\windows\taskmgr.exe
c:\windows\Temp\avp32.exe
c:\windows\Temp\drweb.exe
c:\windows\Temp\gsqju6.exe
c:\windows\Temp\winlogon.exe
D:\install.exe

-- Previous Run --

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

--------

.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 15:42 . 2010-12-04 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 15:03 . 2010-12-04 15:05 -------- d-----w- C:\Combo-Fix
2010-12-04 14:57 . 2010-12-04 14:57 -------- d-----w- c:\users\Hallflukai\AppData\Local\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2}
2010-12-04 02:54 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-04 02:54 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-04 02:50 . 2010-12-04 02:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-04 02:04 . 2010-12-04 02:04 -------- d-----w- C:\$WINDOWS.~BT
2010-12-04 02:02 . 2010-12-04 02:02 -------- d-----r- c:\windows\system32\config\systemprofile\Podcasts
2010-12-04 02:00 . 2010-12-04 02:00 79872 --sha-r- c:\windows\system32\dot3hck.dll
2010-12-03 03:39 . 2010-12-04 03:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-03 03:39 . 2010-12-04 03:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-03 03:32 . 2010-12-04 03:06 -------- d-----w- c:\program files\SpywareBlaster
2010-12-02 02:48 . 2010-12-02 02:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-02 02:48 . 2010-12-02 02:48 -------- d-----w- c:\program files\Alwil Software
2010-12-02 02:34 . 2010-12-02 05:31 -------- d-----w- c:\users\Hallflukai\AppData\Local\{FB7A424F-E6F5-42C9-BD12-1832D8750721}
2010-12-02 02:03 . 2010-12-02 02:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Foxit Software
2010-12-02 00:50 . 2010-12-02 00:50 -------- d-----w- c:\program files\Toontrack
2010-11-30 02:23 . 2010-11-30 02:25 -------- d-----w- c:\users\Hallflukai\AppData\Roaming\Mount&Blade Warband
2010-11-30 02:23 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-30 02:23 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-30 02:23 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-11-30 01:48 . 2010-11-30 01:56 -------- d-----w- c:\users\Hallflukai\AppData\Roaming\Mount&Blade
2010-11-24 23:22 . 2010-11-29 23:38 -------- d-----w- c:\users\Hallflukai\Various
2010-11-24 22:58 . 2010-11-24 22:58 -------- d-----w- C:\HammerAutosave
2010-11-22 22:30 . 2010-11-22 22:30 -------- d-----w- c:\program files\SpacialAudio
2010-11-22 22:29 . 2009-07-22 23:46 450560 ----a-w- c:\windows\system32\GDS32.DLL
2010-11-22 22:29 . 2009-07-22 23:59 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2010-11-22 22:29 . 2010-11-22 22:29 -------- d-----w- c:\program files\Firebird
2010-11-22 22:27 . 2010-11-22 22:28 -------- d-----w- c:\program files\Broadcastet
2010-11-22 00:28 . 2010-12-04 03:06 -------- d-----w- c:\program files\wavelab
2010-11-21 03:33 . 2010-11-21 03:33 -------- d-----w- c:\windows\.jagex_cache_32
2010-11-20 19:17 . 2010-11-20 19:17 -------- d-----w- c:\program files\BandiMPEG1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 16:08 . 2010-08-28 01:07 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-23 16:07 . 2010-10-19 21:38 234280 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-23 16:07 . 2010-08-28 01:06 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-19 01:09 . 2010-08-28 01:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-19 01:08 . 2010-08-28 01:07 138056 ----a-w- c:\users\Hallflukai\AppData\Roaming\PnkBstrK.sys
2010-10-19 01:08 . 2010-10-19 01:08 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-10-19 00:34 . 2010-10-19 00:34 579456 ----a-w- c:\windows\system32\drivers\L6UX1.sys
2010-10-19 00:34 . 2010-10-19 00:34 180224 ----a-w- c:\windows\system32\l6ux1.dll
2010-09-28 00:39 . 2010-09-28 00:39 249856 ------w- c:\windows\Setup1.exe
2010-09-28 00:39 . 2010-09-28 00:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-25 01:25 . 2010-08-28 01:06 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2010-09-24 17:11 . 2010-09-24 17:11 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 17:11 . 2010-09-24 17:11 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 17:11 . 2010-09-24 17:11 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 17:11 . 2010-09-24 17:11 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 17:11 . 2010-09-24 17:11 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 17:11 . 2010-09-24 17:11 796672 ----a-w- c:\windows\system32\drivers\UMDF\ZuneDriver.dll
2010-09-24 17:11 . 2010-09-24 17:11 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 17:11 . 2010-09-24 17:11 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-15 09:50 . 2010-07-27 17:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-06 01:03 . 2010-09-06 01:03 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-06 01:03 . 2010-09-06 01:03 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Hallflukai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Hallflukai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Hallflukai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Hallflukai\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-08 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Steam"="d:\steam\steam.exe" [2010-11-21 1242448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-28 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2010-06-08 40960]
"Qwest 11n Wireless WPS Tool"="c:\program files\Qwest 11n Wireless WPS Tool\WpsCenterV.exe" [2009-03-23 1191936]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 102400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Hallflukai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hallflukai\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-9-15 476464]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-8 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-22 113664]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-9-11 116736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

R2 AutoInstallEJCD;Auto Install Eject CD Service;c:\users\HALLFL~1\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 QW720V32;Qwest 802.11n XN720 Driver(vista);c:\windows\system32\DRIVERS\WLANUHN.sys [2009-03-23 449536]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 5550592]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 176128]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-02-08 9856]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX1.sys [2010-10-19 579456]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2009-09-30 16640]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


--- Other Services/Drivers In Memory ---

*Deregistered* - bxzrpcji
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 13:59]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 13:59]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021429368-1449449244-671659016-1000Core.job
- c:\users\Hallflukai\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 22:26]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4021429368-1449449244-671659016-1000UA.job
- c:\users\Hallflukai\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 22:26]
.
.
------- Supplementary Scan -------
.
Trusted Zone: line6.net
TCP: {0541A502-8C56-4E2E-8130-34921FF3B301} = 205.171.3.25,205.171.2.25
FF - ProfilePath - c:\users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Hallflukai\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: XULRunner: {35103C9B-15B4-45F3-A7B8-C6FD051A10D2} - c:\users\Hallflukai\AppData\Local\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: XULRunner: {35103C9B-15B4-45F3-A7B8-C6FD051A10D2} - c:\users\Hallflukai\AppData\Local\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uPc+kt0NLVdCxl - c:\windows\system32\d5720zxv.dll
HKCU-Run-Mqurb - c:\windows\taskmgr.exe
HKCU-Run-Mqruqc - c:\windows\iexplarer.exe
HKCU-Run-Mqsuc - c:\windows\lsass.exe
HKCU-Run-Mqpe - c:\windows\avp.exe
HKCU-Run-Mquta - c:\windows\services.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-dpj - c:\users\Hallflukai\AppData\Roaming\dpj.exe
HKLM-Run-uPc+kt0NLVdCxl - c:\windows\system32\d5720zxv.dll
HKLM-Run-Mqurb - c:\windows\taskmgr.exe
HKLM-Run-Mqsuc - c:\windows\lsass.exe
HKLM-Run-Mqruqc - c:\windows\iexplarer.exe
HKLM-Run-Mqpe - c:\windows\avp.exe
HKLM-Run-Mquta - c:\windows\services.exe
HKU-Default-Run-uPc+kt0NLVdCxl - c:\windows\system32\d5720zxv.dll
HKU-Default-Run-Mqurb - c:\windows\taskmgr.exe
HKU-Default-Run-Mqsuc - c:\windows\lsass.exe
HKU-Default-Run-Mqruqc - c:\windows\iexplarer.exe
HKU-Default-Run-Mqpe - c:\windows\avp.exe
HKU-Default-Run-Mquta - c:\windows\services.exe
AddRemove-SWR English - d:\games\SWR\uninstall_th105e.exe
AddRemove-whitesmoketoolbar - c:\program files\whitesmoketoolbar\uninstall.exe
AddRemove-{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1 - d:\games\SWR\Th123\unins000.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bxzrpcji]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4021429368-1449449244-671659016-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:61,9b,74,fc,c1,ec,d2,be,0d,05,bf,c1,4d,c6,eb,f7,fc,d8,6a,8c,34,cd,90,
5a,ce,73,fb,ee,eb,65,88,49,aa,4a,d1,03,05,66,ec,f6,56,28,e1,e3,ad,f4,3f,8f,\
"??"=hex:94,b3,fb,e7,cc,55,7f,5e,9a,8e,27,b1,04,62,b5,25

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4000)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Hallflukai\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-12-04 09:45:12
ComboFix-quarantined-files.txt 2010-12-04 15:45

Pre-Run: 377,418,604,544 bytes free
Post-Run: 377,398,226,944 bytes free

- - End Of File - - 9F78E8603AF7E966EC79EC88188E6BA4

OTL:

OTL logfile created on: 12/4/2010 10:44:41 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Hallflukai\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 351.00 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
Drive D: | 882.68 Gb Total Space | 346.11 Gb Free Space | 39.21% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.71 Mb Free Space | 61.71% Space Free | Partition Type: NTFS
Drive J: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 332.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 654.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HALLFLUKAI-PC | User Name: Hallflukai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hallflukai\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
PRC - C:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Razer\DeathAdder\razertra.exe ()
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Qwest 11n Wireless WPS Tool\WpsCenterV.exe ()
PRC - C:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Hallflukai\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AutoInstallEJCD) -- C:\Users\HALLFL~1\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe File not found
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\HALLFL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (L6UX1) -- C:\Windows\System32\drivers\L6UX1.sys (Line 6)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (ZDC., Inc. (ZDC))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (danewFltr) -- C:\Windows\System32\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (pae_1394) -- C:\Windows\System32\drivers\pae_1394.sys (Archwave AG)
DRV - (pae_avs) -- C:\Windows\System32\drivers\pae_avs.sys (Archwave AG)
DRV - (vHidDev) -- C:\Windows\System32\drivers\vHidDev.sys (Windows ® Win 7 DDK provider)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (LycoFltr) -- C:\Windows\System32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfPCI) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (QW720V32) Qwest 802.11n XN720 Driver(vista) -- C:\Windows\System32\drivers\WLANUHN.sys (Atheros Communications, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WsAudioDevice_383) -- C:\Windows\System32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 30 B5 C7 67 07 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35103C9B-15B4-45F3-A7B8-C6FD051A10D2}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2}: C:\Users\Hallflukai\AppData\Local\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2} [2010/12/04 08:57:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/03 21:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/03 21:06:35 | 000,000,000 | ---D | M]

[2010/06/08 18:14:15 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Mozilla\Extensions
[2010/06/08 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/12/04 10:42:45 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\extensions
[2010/11/17 21:33:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/08 18:14:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hallflukai\AppData\Roaming\Mozilla\Firefox\Profiles\yweroaw4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/04 10:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 11:11:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/20 15:35:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/08 10:02:21 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/12/03 20:01:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/04 09:24:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Qwest 11n Wireless WPS Tool] C:\Program Files\Qwest 11n Wireless WPS Tool\WpsCenterV.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] d:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Hallflukai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hallflukai\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Hallflukai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Hallflukai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 03:26:40 | 000,000,043 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/05/12 23:28:16 | 000,000,025 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/11/21 11:26:21 | 000,000,057 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - State: "startup" - 2


========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 10:43:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Hallflukai\Desktop\OTL.scr
[2010/12/04 10:36:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\ShellExt
[2010/12/04 09:52:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/12/04 09:45:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/04 09:43:45 | 000,000,000 | -HSD | C] -- C:\$Recycle.Bin
[2010/12/04 09:31:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/04 09:05:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/04 09:05:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/04 09:05:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/04 09:03:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/04 09:03:22 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/12/04 09:01:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/04 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\AppData\Local\{35103C9B-15B4-45F3-A7B8-C6FD051A10D2}
[2010/12/03 20:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/03 20:18:37 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hallflukai\Desktop\TDSSKiller.exe
[2010/12/03 20:01:42 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/12/03 19:24:27 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Desktop\GooredFix Backups
[2010/12/02 21:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/02 21:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/02 21:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/12/01 20:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/01 20:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/01 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\AppData\Local\{FB7A424F-E6F5-42C9-BD12-1832D8750721}
[2010/12/01 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Toontrack
[2010/11/29 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Mount&Blade Warband Savegames
[2010/11/29 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Mount&Blade Warband
[2010/11/29 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\AppData\Roaming\Mount&Blade Warband
[2010/11/29 20:23:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/11/29 20:23:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/11/29 20:23:22 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/11/29 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Mount&Blade Savegames
[2010/11/29 19:48:45 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\AppData\Roaming\Mount&Blade
[2010/11/24 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\INVedit
[2010/11/24 17:22:16 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Various
[2010/11/24 17:20:24 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Ps2 Emulator
[2010/11/24 16:58:18 | 000,000,000 | ---D | C] -- C:\HammerAutosave
[2010/11/22 16:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpacialAudio
[2010/11/22 16:29:56 | 000,450,560 | ---- | C] (Firebird Project) -- C:\Windows\System32\GDS32.DLL
[2010/11/22 16:29:51 | 000,462,848 | ---- | C] (IBPhoenix) -- C:\Windows\System32\Firebird2Control.cpl
[2010/11/22 16:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Firebird
[2010/11/22 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcastet
[2010/11/21 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\wavelab
[2010/11/20 21:33:09 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/11/20 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Vindictus
[2010/11/20 13:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2010/11/10 20:35:42 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Drums
[2010/11/07 13:21:26 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\World of MC
[2010/11/05 20:21:38 | 000,000,000 | ---D | C] -- C:\Users\Hallflukai\Documents\Emulator
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/04 12:12:50 | 268,435,456 | -HS- | M] () -- C:\WinPEpge.sys
[2010/12/04 10:46:27 | 000,762,368 | ---- | M] () -- C:\Windows\System32\drivers\bxzrpcji.sys
[2010/12/04 10:44:52 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/04 10:44:52 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/04 10:43:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hallflukai\Desktop\OTL.scr
[2010/12/04 10:40:04 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/12/04 10:40:04 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/12/04 10:37:43 | 000,623,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/04 10:37:43 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/04 10:33:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/04 10:32:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/04 10:32:51 | 2615,697,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/04 10:04:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/04 09:49:16 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021429368-1449449244-671659016-1000UA.job
[2010/12/04 09:26:16 | 295,820,571 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/04 09:24:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/04 09:04:47 | 003,984,351 | R--- | M] () -- C:\Users\Hallflukai\Desktop\Combo-Fix.exe
[2010/12/03 20:00:48 | 000,079,872 | RHS- | M] () -- C:\Windows\System32\dot3hck.dll
[2010/12/03 19:27:02 | 000,002,342 | ---- | M] () -- C:\Users\Hallflukai\Desktop\Google Chrome.lnk
[2010/12/03 16:55:41 | 000,000,112 | ---- | M] () -- C:\ProgramData\V8cofhB.dat
[2010/12/02 21:17:28 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2010/12/02 21:17:19 | 000,003,558 | ---- | M] () -- C:\Users\Hallflukai\Desktop\Windows Compatibility Report.htm
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hallflukai\Desktop\TDSSKiller.exe
[2010/12/01 16:49:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4021429368-1449449244-671659016-1000Core.job
[2010/11/29 19:43:37 | 011,061,510 | ---- | M] () -- C:\Users\Hallflukai\Documents\DJ Esi - Clowning Around.mp3
[2010/11/24 20:24:25 | 000,023,982 | ---- | M] () -- C:\Users\Hallflukai\Documents\transcend.mid
[2010/11/23 21:56:51 | 002,226,746 | ---- | M] () -- C:\Users\Hallflukai\Documents\Weird4.mp3
[2010/11/22 16:31:28 | 000,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2010/11/22 16:30:21 | 000,001,984 | ---- | M] () -- C:\Users\Hallflukai\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2010/11/20 21:44:28 | 000,425,551 | ---- | M] () -- C:\Users\Hallflukai\Documents\Glitchdown.mp3
[2010/11/20 14:24:52 | 008,628,375 | ---- | M] () -- C:\Users\Hallflukai\Documents\MetalDoc.mp3
[2010/11/13 15:26:00 | 000,947,164 | ---- | M] () -- C:\Users\Hallflukai\Documents\a.mp3
[2010/11/13 14:38:56 | 001,329,598 | ---- | M] () -- C:\Users\Hallflukai\Documents\hodir2.PNG
[2010/11/13 14:37:23 | 001,419,212 | ---- | M] () -- C:\Users\Hallflukai\Documents\hodir.PNG
[2010/11/10 21:24:32 | 018,383,021 | ---- | M] () -- C:\Users\Hallflukai\Documents\ITCHY_SYNTHS_-_OVERDOSE_SUITE.rar
[2010/11/10 21:20:59 | 000,464,597 | ---- | M] () -- C:\Users\Hallflukai\Documents\Link and Mario 8 bit minecraft.PNG
[2010/11/10 21:02:19 | 000,562,600 | ---- | M] () -- C:\Users\Hallflukai\Documents\Link 8 bit minecraft.PNG
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/04 19:40:55 | 001,543,995 | ---- | M] () -- C:\Users\Hallflukai\Documents\Mr. pants.PNG
[2010/11/04 19:36:15 | 001,306,277 | ---- | M] () -- C:\Users\Hallflukai\Documents\Mr. Melon.PNG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/04 12:12:50 | 268,435,456 | -HS- | C] () -- C:\WinPEpge.sys
[2010/12/04 09:05:56 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/04 09:05:56 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/04 09:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/04 09:05:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/04 09:05:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/04 09:04:41 | 003,984,351 | R--- | C] () -- C:\Users\Hallflukai\Desktop\Combo-Fix.exe
[2010/12/03 20:01:43 | 000,762,368 | ---- | C] () -- C:\Windows\System32\drivers\bxzrpcji.sys
[2010/12/03 20:00:48 | 000,079,872 | RHS- | C] () -- C:\Windows\System32\dot3hck.dll
[2010/12/03 19:27:02 | 000,002,342 | ---- | C] () -- C:\Users\Hallflukai\Desktop\Google Chrome.lnk
[2010/12/03 16:53:19 | 000,000,112 | ---- | C] () -- C:\ProgramData\V8cofhB.dat
[2010/12/02 21:17:28 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2010/12/02 21:17:19 | 000,003,558 | ---- | C] () -- C:\Users\Hallflukai\Desktop\Windows Compatibility Report.htm
[2010/11/29 19:34:24 | 011,061,510 | ---- | C] () -- C:\Users\Hallflukai\Documents\DJ Esi - Clowning Around.mp3
[2010/11/24 20:24:24 | 000,023,982 | ---- | C] () -- C:\Users\Hallflukai\Documents\transcend.mid
[2010/11/23 21:53:42 | 002,226,746 | ---- | C] () -- C:\Users\Hallflukai\Documents\Weird4.mp3
[2010/11/22 16:31:28 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/11/22 16:30:21 | 000,001,984 | ---- | C] () -- C:\Users\Hallflukai\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2010/11/20 21:36:45 | 000,425,551 | ---- | C] () -- C:\Users\Hallflukai\Documents\Glitchdown.mp3
[2010/11/20 14:24:27 | 008,628,375 | ---- | C] () -- C:\Users\Hallflukai\Documents\MetalDoc.mp3
[2010/11/18 00:36:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/11/18 00:36:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/11/13 15:23:19 | 000,947,164 | ---- | C] () -- C:\Users\Hallflukai\Documents\a.mp3
[2010/11/13 14:38:16 | 001,329,598 | ---- | C] () -- C:\Users\Hallflukai\Documents\hodir2.PNG
[2010/11/13 14:36:53 | 001,419,212 | ---- | C] () -- C:\Users\Hallflukai\Documents\hodir.PNG
[2010/11/10 21:22:06 | 018,383,021 | ---- | C] () -- C:\Users\Hallflukai\Documents\ITCHY_SYNTHS_-_OVERDOSE_SUITE.rar
[2010/11/10 21:20:29 | 000,464,597 | ---- | C] () -- C:\Users\Hallflukai\Documents\Link and Mario 8 bit minecraft.PNG
[2010/11/10 21:02:09 | 000,562,600 | ---- | C] () -- C:\Users\Hallflukai\Documents\Link 8 bit minecraft.PNG
[2010/11/04 19:40:28 | 001,543,995 | ---- | C] () -- C:\Users\Hallflukai\Documents\Mr. pants.PNG
[2010/11/04 19:35:44 | 001,306,277 | ---- | C] () -- C:\Users\Hallflukai\Documents\Mr. Melon.PNG
[2010/09/18 10:09:34 | 000,000,098 | ---- | C] () -- C:\Users\Hallflukai\AppData\Local\fusioncache.dat
[2010/09/04 17:08:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/08/27 19:07:14 | 000,138,056 | ---- | C] () -- C:\Users\Hallflukai\AppData\Roaming\PnkBstrK.sys
[2010/08/27 19:07:14 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/22 19:43:00 | 000,000,132 | ---- | C] () -- C:\Users\Hallflukai\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/22 19:42:33 | 000,000,132 | ---- | C] () -- C:\Users\Hallflukai\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/14 19:43:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/08/12 01:57:14 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/01 14:42:21 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/12 10:21:37 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/06/12 10:21:36 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/06/08 16:25:03 | 000,000,067 | ---- | C] () -- C:\Windows\WpsCenterV.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2008/03/19 08:34:00 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/17 21:33:04 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\.minecraft
[2010/07/12 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Antares
[2010/07/22 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Desktop Apps
[2010/12/04 10:42:33 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Dropbox
[2010/08/24 12:02:01 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\fltk.org
[2010/06/08 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\FMZilla
[2010/08/26 12:54:44 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\fofix
[2010/12/04 09:55:59 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\foobar2000
[2010/07/08 10:02:39 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Foxit Software
[2010/08/26 12:30:45 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\fretsonfire
[2010/11/17 21:33:05 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Line 6
[2010/11/29 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Mount&Blade
[2010/11/29 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Mount&Blade Warband
[2010/08/14 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\NationRed
[2010/12/03 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Notepad++
[2010/09/07 17:20:09 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\OpenOffice.org
[2010/09/22 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\PACE Anti-Piracy
[2010/08/06 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Publish Providers
[2010/12/03 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Rainmeter
[2010/12/03 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Razer
[2010/09/11 20:34:13 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\REAPER
[2010/07/04 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\runic games
[2010/06/08 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Songbird2
[2010/08/12 01:58:47 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Sony
[2010/09/11 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/09/22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Stardock
[2010/07/05 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Steinberg
[2010/08/24 10:45:50 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Subversion
[2010/07/30 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\TeamViewer
[2010/12/04 10:43:42 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\uTorrent
[2010/07/05 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\VST3 Presets
[2010/08/26 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\X-Chat 2
[2010/07/02 19:31:30 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\zenses
[2010/07/27 11:07:47 | 000,000,000 | ---D | M] -- C:\Users\Hallflukai\AppData\Roaming\Zuse
[2010/09/26 17:04:34 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 20:16:04 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2010/12/03 20:00:48 | 000,079,872 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\dot3hck.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/12/04 11:06:33 | 000,762,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\bxzrpcji.sys

< >

========== Files - Unicode (All) ==========
[2010/11/20 14:58:30 | 000,000,000 | ---D | M](C:\Users\Hallflukai\Documents\?? ???) -- C:\Users\Hallflukai\Documents\넥슨 플러그
[2010/11/20 14:58:30 | 000,000,000 | ---D | C](C:\Users\Hallflukai\Documents\?? ???) -- C:\Users\Hallflukai\Documents\넥슨 플러그

< End of report >

Extras:

OTL Extras logfile created on: 12/4/2010 10:44:41 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Hallflukai\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 351.00 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
Drive D: | 882.68 Gb Total Space | 346.11 Gb Free Space | 39.21% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.71 Mb Free Space | 61.71% Space Free | Partition Type: NTFS
Drive J: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 332.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 654.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HALLFLUKAI-PC | User Name: Hallflukai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{102CDCAA-A884-6DC5-9FA8-DDFF77023FF8}" = Catalyst Control Center HydraVision Full
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11432CAF-EA32-4102-9AEE-5D31F2E9F762}" = Microsoft XNA Game Studio 3.1 Zune Extensions
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C00B132-7446-9C4D-F0D5-FC00F965B7CA}" = ccc-utility
"{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}" = Cubase 5
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{566D674E-819E-75E0-ADBE-685613F73627}" = Catalyst Control Center Graphics Previews Vista
"{58410A6D-E72D-49CA-A5BA-2A1000018201}" = Blacklight: Tango Down
"{58410A6D-E72D-49CA-A5BA-2A1000018202}" = Blacklight: Tango Down
"{58410A6D-E72D-49CA-A5BA-2A1000018203}" = Blacklight: Tango Down
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DF0F7A-67FD-473C-B061-C9801516237B}" = TQ Defiler.NET
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C7DAF94-0520-19F0-7666-8A7334714E81}" = Catalyst Control Center Graphics Full Existing
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8959EC83-3C83-4E74-8086-7AA5D9C75CAC}" = Whitesmoke Translator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDB07A4-22C8-AE44-29C5-CA5B46E0E58D}" = Catalyst Control Center Graphics Light
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD91D676-ABD7-4E41-A321-2D7F93376BC0}_is1" = Zuse version 1.9.7.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{BF19FE33-C168-04D1-9E58-17E7248B9EF7}" = ATI Catalyst Install Manager
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8E73595-C7C1-F1A4-ECD1-7EA8F7DBD3A8}" = CCC Help English
"{C976F327-2337-17E7-CAD3-133607CD321B}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D893FFAF-5DEE-6EDA-5153-2925E0B5FAFF}" = Catalyst Control Center InstallProxy
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8F857C4-E153-6B03-909E-0006D803F865}" = ccc-core-static
"{E9AF8687-6055-C82B-00A0-9B1B93BF0DCA}" = Catalyst Control Center Graphics Previews Common
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F5796AEB-D38E-A4C0-F02F-B14A04945143}" = Catalyst Control Center Graphics Full New
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V Ver1.06
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"Addictive Drums" = Addictive Drums
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AnalogX AutoTune" = AnalogX AutoTune
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"ASIO4ALL" = ASIO4ALL
"AstrumNival Allods" = Allods Online 1700
"Audacity_is1" = Audacity 1.2.6
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Blacklight - Tango Down" = Blacklight - Tango Down
"Bounce Metronome" = Bounce Metronome (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DivX Setup.divx.com" = DivX Setup
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Everything" = Everything 1.2.1.371
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"ffdshow_is1" = ffdshow v1.1.3516 [2010-07-25]
"FL Studio 9" = FL Studio 9
"foobar2000" = foobar2000 v1.0.3
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Music Zilla_is1" = Free Music Zilla
"Frets on Fire" = Frets On Fire
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GoldWave v5.20" = GoldWave v5.20
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hardcore" = Hardcore
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"I-Doser 4.50" = I-Doser 4.50
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Just Cause 2_is1" = Just Cause 2
"LastFM_is1" = Last.fm 1.5.4.27091
"Line 6 Uninstaller" = Line 6 Uninstaller
"LogMeIn Hamachi" = LogMeIn Hamachi
"Luxonix Purity VSTi_is1" = Luxonix Purity VSTi v1.1.2
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Service Center" = Native Instruments Service Center
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"OpenRPG" = OpenRPG
"Pixel Ruler" = Pixel Ruler
"PoiZone" = PoiZone
"PreSonus Inspire driver v5.13.0.0" = PreSonus Inspire driver v5.13.0.0
"Priston Tale 2 (English)_is1" = Priston Tale 2 (English)
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"REAPER" = REAPER
"Redblade_is1" = Redblade 1.3.0.16 RC 1
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"sfArk" = sfArk
"Songbird-release-1667" = Songbird 1.7.2 (Build 1667)
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = ReNamer
"Steam App 1510" = Uplink
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 220" = Half-Life 2
"Steam App 22100" = Mount & Blade
"Steam App 22200" = Zeno Clash
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 2590" = Alpha Prime
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 39800" = Nation Red
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 46410" = Avencast
"Steam App 48700" = Mount and Blade: Warband
"Steam App 49800" = Guns of Icarus
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6200" = Ghost Master
"Steam App 630" = Alien Swarm
"Steam App 9740" = Indigo Prophecy
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 5" = TeamViewer 5
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.0.5
"Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 1.0.10.1)
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6
"xchat" = XChat 2 (remove only)
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"Zenses2" = Zenses2 Beta2
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#10 Starbuck

  • Malware Response Team

Posted 04 December 2010 - 03:15 PM

Hi hallflukai,

Things are starting to look better.

Step 1
Double click on OTL.exe to run it.
Copy the lines in bold below (make sure that :Otl is on the first line).

:Otl
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

In your next reply, please submit:
Otl fix report
Dr Web scan report


Thanks.
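
Added example (not part of Starbuck's post and not OTL's own code): the fix script in Step 1 includes [RESETHOSTS], and a tampered hosts file is one common cause of the browser redirects described in this topic. Assuming that command restores a default hosts file, this Python function audits hosts-file text and lists every entry other than localhost mapped to loopback; `audit_hosts`, `EXPECTED_NAMES` and both samples are constructed for illustration.

```python
import ipaddress

# Assumption: after a reset, only "localhost" should be mapped, and only to loopback.
EXPECTED_NAMES = {"localhost"}

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HIJACKED = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
203.0.113.7  www.google.com google.com   # search traffic sent elsewhere
127.0.0.1    update.example-av.test      # security update host blackholed
"""
SAMPLE_DEFAULT = "# comment only\n127.0.0.1 localhost\n::1 localhost\n"


def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each active entry that is
    not a plain localhost -> loopback mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "unparsable address"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "address without hostname"))
            continue
        for name in (n.lower() for n in names):
            if name in EXPECTED_NAMES and ip.is_loopback:
                continue  # the only mapping a default file should contain
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked locally"
            else:
                reason = "name redirected to remote address"
            findings.append((line_no, ip_text, name, reason))
    return findings


if __name__ == "__main__":
    # On a live system, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HIJACKED):
        print(finding)
```

An empty result after the fix and reboot is consistent with a default hosts file; any remaining entry is worth including in the next reply to the helper.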
