
Solved Virus? No wireless connection and .dlls not working?

Discussion in 'Malware and Virus Removal Archive' started by Art4l1fe, 2010/10/11.

  1. 2010/10/11
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    [Resolved] Virus? No wireless connection and .dlls not working?

    For some reason my laptop is unable to look for a wireless connection and some registry error keeps popping up after a Windows file check or something... I tried going into safe mode and virus scanned with Norton but got nothing. Also the Action Center says to remove a win32/small.ca virus but I don't know how. Can someone please help me?

    PS: I also tried to roll back to last good config but got nothing. I would like to avoid reformatting as much as possible. Also, for certain programs like Skype and Norton AV and Notepad atm [I'm not sure how many more programs will have this msg pop up], they all have a pop-up saying

    [directory] .dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

    even though everything worked fine before. Thx for ur time and help!



    Here's the DDS log:


    DDS (Ver_10-10-10.03) - NTFS_AMD64
    Run by he11bringer at 19:51:54.71 on 11/10/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.6143.4592 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\he11bringer\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    mWinlogon: Userinit=C:\Windows\SysWOW64\Userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe "
    mRun: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r
    mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    dRun: [explorer.exe] C:\Program Files (x86)/MachineLocal/explorer.exe
    dRun: [ipadxxxxxx.exe] C:\ipadxxxxxx.exe\ipadxxxxxx.exe
    dRun: [BSK91O3T6D] C:\Windows\TEMP\Olg.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab
    DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
    DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefense/kdfense8.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\HE11BR~1\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: XULRunner: {EA07E96C-0D48-4A24-82EB-1D8C2B66274A} - C:\Windows\system32\config\systemprofile\AppData\Local\{EA07E96C-0D48-4A24-82EB-1D8C2B66274A}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1008000.029\SymEFA64.sys [2010-9-2 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NAVx64\1008000.029\BHDrvx64.sys [2010-9-2 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NAVx64\1008000.029\cchpx64.sys [2010-9-2 583296]
    R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2010-6-15 16384]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101008.002\IDSviA64.sys [2010-9-15 476720]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-15 14904]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-6-15 6245744]
    R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2010-6-15 72248]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-16 215040]
    R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NAVx64\1008000.029\symndisv.sys [2010-9-2 56880]
    S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-9-2 359040]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1cb0ce195e85403;Google Update Service (gupdate1cb0ce195e85403);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 133104]
    S2 Norton AntiVirus;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2010-9-2 117640]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-15 1038088]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-6-15 18216]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-2 1255736]

    =============== Created Last 30 ================

    2010-10-11 20:24:35 -------- d-----w- C:\Users\HE11BR~1\AppData\Roaming\Intel
    2010-10-11 20:24:34 -------- d-----w- C:\Users\he11bringer\Roaming
    2010-10-11 20:24:34 -------- d-----w- C:\PROGRA~3\Roaming
    2010-10-11 20:23:43 1187840 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2010-10-11 20:23:43 1187840 ----a-w- C:\Windows\System32\athrx.sys
    2010-10-11 20:23:37 58880 ----a-w- C:\Windows\System32\athihvui.dll
    2010-10-11 20:23:37 435200 ----a-w- C:\Windows\System32\athihvs.dll
    2010-10-11 20:23:37 -------- d-----w- C:\Windows\System32\nn-NO
    2010-10-11 20:23:21 -------- d-----w- C:\Program Files (x86)\Atheros
    2010-10-11 20:23:08 -------- d-----w- C:\PROGRA~3\Atheros
    2010-10-11 20:22:45 -------- d-----w- C:\Program Files\Common Files\Intel
    2010-10-11 20:22:44 -------- d-----w- C:\Program Files (x86)\Cisco
    2010-10-11 06:27:10 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-10-11 06:27:10 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2010-10-11 06:14:54 -------- d-----w- C:\Users\HE11BR~1\AppData\Local\Symantec
    2010-10-08 15:35:47 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0CFA4E06-57E7-4075-B7DE-5ACAAFC726FB}\mpengine.dll
    2010-10-04 19:34:58 -------- d-----w- C:\Users\HE11BR~1\AppData\Roaming\WTablet
    2010-09-29 16:16:09 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2010-09-29 07:00:22 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-09-29 07:00:22 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2010-09-28 17:21:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-09-28 17:21:17 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-09-28 17:20:58 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-09-28 17:20:58 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-09-28 04:46:16 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2010-09-28 04:45:45 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2010-09-28 04:41:52 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2010-09-28 04:41:04 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2010-09-28 04:41:04 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2010-09-28 01:25:57 -------- d-----w- C:\Users\HE11BR~1\AppData\Local\Microsoft Help
    2010-09-28 01:25:27 -------- d-----w- C:\Windows\SysWow64\3029
    2010-09-28 01:24:24 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
    2010-09-28 01:24:24 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
    2010-09-28 01:24:22 -------- d-----w- C:\Program Files (x86)\MagicDisc
    2010-09-28 01:21:48 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2010-09-28 01:19:11 -------- d-----w- C:\Program Files (x86)\MagicISO
    2010-09-15 21:18:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-09-15 01:03:44 -------- d-----w- C:\Program Files (x86)\CDisplay
    2010-09-14 08:06:48 -------- d-----w- C:\Program Files (x86)\Comical

    ==================== Find3M ====================

    2010-10-11 08:17:42 6656 ----a-w- C:\Windows\System32\apisetschema.dll
    2010-10-11 08:17:31 40960 ----a-w- C:\Windows\System32\UI0Detect.exe
    2010-10-11 08:12:48 7680 ----a-w- C:\Windows\System32\csrss.exe
    2010-09-02 19:36:21 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-09-02 19:35:58 583296 ----a-w- C:\Windows\System32\drivers\NAVx64\1008000.029\cchpx64.sys
    2010-09-02 19:35:58 334384 ----a-w- C:\Windows\System32\drivers\NAVx64\1008000.029\BHDrvx64.sys
    2010-09-02 15:44:32 520192 ----a-w- C:\Windows\SysWow64\ASUS_Screensaver.scr
    2010-09-02 15:44:10 3058304 ----a-w- C:\Windows\AsScrPro.exe
    2010-09-02 15:38:59 35384 ----a-w- C:\Windows\System32\drivers\AsDsm.sys
    2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    ============= FINISH: 19:52:51.73 ===============
     
  2. 2010/10/11
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Here's the ATTACHED one:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/06/2010 3:24:31 PM
    System Uptime: 10/11/2010 4:28:13 PM (-717 hours ago)

    Motherboard: ASUSTeK Computer INC. | | G71GX
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | LGA775 | 1595/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 89.039 GiB free.
    D: is FIXED (NTFS) - 221 GiB total, 144.964 GiB free.
    E: is CDROM (UDF)
    F: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}
    Description: EIO Driver
    Device ID: ROOT\ASUSOTHERDEVICES\0001
    Manufacturer: ASUSTek
    Name: EIO Driver
    PNP Device ID: ROOT\ASUSOTHERDEVICES\0001
    Service: EIO64

    Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}
    Description: EIO Driver
    Device ID: ROOT\ASUSOTHERDEVICES\0002
    Manufacturer: ASUSTek
    Name: EIO Driver
    PNP Device ID: ROOT\ASUSOTHERDEVICES\0002
    Service: EIO64

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    4Videosoft MKV Video Converter
    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    ASUS Data Security Manager
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Turbo Gear Enhanced VGA Driver
    ASUS Virtual Camera
    ASUS_Screensaver
    Atheros Client Installation Program
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    µTorrent
    AviSynth 2.5
    CDisplay 1.8
    Comical 0.8
    Connect
    ControlDeck
    DFOLauncher
    Direct Console 2.0
    DivX Setup
    Dropbox
    Express Gate
    ffdshow v1.1.3452 [2010-05-24]
    Google Chrome
    Google Update Helper
    K-Defense8 Control - Ã…°º¸µÃ¥ º¸¾Ãˆ
    K-Lite Codec Pack 6.0.4 (Full)
    kuler
    LOCO EU
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.6)
    MSVCRT
    NB Probe
    Net4Switch
    Norton AntiVirus
    NVIDIA PhysX
    PDF Settings CS4
    Photoshop Camera Raw
    PSP ISO Compressor
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    RICOH R5U8xx Media Driver ver.3.62.02
    SD Gundam Capsule Fighter
    Skype Toolbars
    Skype™ 4.2
    StarCraft II
    Suite Shared Configuration CS4
    Turbo Gear Extreme
    VC80CRTRedist - 8.0.50727.4053
    Videora iPod Converter 5.04
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinFlash
    Wireless Console 3
    XLink Kai
    YouTube Downloader App 2.03

    ==== Event Viewer Messages From Past Week ========

    11/10/2010 7:40:11 PM, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: %%-1072896760
    11/10/2010 7:40:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 3222070536
    11/10/2010 4:30:00 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 4:28:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    11/10/2010 4:28:52 PM, Error: Service Control Manager [7024] - The Norton AntiVirus service terminated with service-specific error %%-1.
    11/10/2010 4:28:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Akamai NetSession Interface service to connect.
    11/10/2010 4:28:14 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/10/2010 4:14:55 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    11/10/2010 4:14:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    11/10/2010 4:12:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
    11/10/2010 4:12:08 AM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/10/2010 4:11:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    11/10/2010 4:11:37 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/10/2010 4:10:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    11/10/2010 4:10:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    11/10/2010 2:33:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/10/2010 2:33:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/10/2010 2:33:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/10/2010 2:32:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/10/2010 2:32:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr sptd SRTSP SRTSPX SYMTDI Wanarpv6
    11/10/2010 2:28:35 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    11/10/2010 12:34:20 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    11/10/2010 12:33:30 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume prime.
    11/10/2010 12:26:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000006b (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101110-45255-01.
    11/10/2010 11:44:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/10/2010 11:31:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr sptd SRTSP SRTSPX SymIM SYMTDI tdx vwififlt Wanarpv6 WfpLwf
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2010 11:16:46 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    06/10/2010 6:23:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    05/10/2010 7:25:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    ==== End Of File ===========================
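The Service Control Manager 7001 errors at the end of the log above form a dependency chain: most services are reported only because something beneath them failed first. This added example (not part of the original post or of DDS) parses those lines, copied from the log, and groups each affected service under the component that failed for its own reason; the function names are illustrative.

```python
import re
from collections import defaultdict

# Event 7001 lines copied from the event log in the post above.
SAMPLE_LOG = """\
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2010 11:31:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# "The <service> service depends on the <dependency> service which failed ..."
EVENT_7001 = re.compile(
    r"Service Control Manager \[7001\] - The (?P<svc>.+?) service depends on "
    r"the (?P<dep>.+?) service which failed to start because of the "
    r"following error: (?P<err>.+)$"
)
# This error text means the dependency was itself blocked by something else.
CASCADE = "The dependency service or group failed to start."


def parse_7001(log_text):
    """Return {service: [(failed_dependency, error_text), ...]}."""
    blocked = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_7001.search(line.strip())
        if m:
            blocked[m.group("svc")].append((m.group("dep"), m.group("err")))
    return dict(blocked)


def root_failures(log_text):
    """Map (component, error) that failed on its own to the services it blocked."""
    blocked = parse_7001(log_text)

    def trace(service, seen):
        roots = set()
        for dep, err in blocked.get(service, []):
            if err != CASCADE:
                roots.add((dep, err))          # dependency failed for its own reason
            elif dep in blocked and dep not in seen:
                roots |= trace(dep, seen | {dep})  # follow the chain one level down
            else:
                roots.add((dep, "no 7001 event for this dependency in the log"))
        return roots

    impact = defaultdict(set)
    for service in blocked:
        for root in trace(service, {service}):
            impact[root].add(service)
    return {root: sorted(services) for root, services in impact.items()}


if __name__ == "__main__":
    for (component, error), services in sorted(root_failures(SAMPLE_LOG).items()):
        print(f"{component}: {error}")
        for name in services:
            print(f"    blocks {name}")
```

Names are kept exactly as the log prints them, including the trailing period in "NSI proxy service driver.".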
     


  4. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file ", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ==============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     
  5. 2010/10/12
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    For Rkill, what do I do if all the 3 Rkills I downloaded say Service has been terminated by rkill?? The only one I wasn't able to download was the pif one.

    And also for exeHelper, is the log file name exactly log.txt? Because I can't find that anywhere, I even searched for it.


    Here's the MBAM log file:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4801

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/10/2010 12:50:41 PM
    mbam-log-2010-10-12 (12-50-41).txt

    Scan type: Quick scan
    Objects scanned: 137774
    Time elapsed: 5 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Windows\Temp\jse98frrjushf87sfhdud.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\he11bringer\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  6. 2010/10/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did just fine :)

    I don't see any active AV program running.
    I can see some Norton's leftovers, but that's about it.
    What's the story here?
     
  7. 2010/10/12
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    My wireless doesn't detect any network anymore even though the wireless light is lit. But I can turn on the service on Windows Mobility; it's as if it's not there, and registry errors pop up for certain programs like Norton AV and Skype.
     
    Last edited: 2010/10/12
  8. 2010/10/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I assume then, that Norton IS your current AV program, correct?
    Can you connect if hardwired?

    Let's keep checking....

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
     
  9. 2010/10/16
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    I clicked on Save report list but nothing happened and I couldn't find DrWeb.csv, but I hope it's the same thing in the Cureit.log

    Scan statistics
    -----------------------------------------------------------------------------
    Scanned: 740107
    Infected: 91
    Modifications: 0
    Suspicious: 3
    Adware: 0
    Dialers: 0
    Jokes: 0
    Riskware: 0
    Hacktools: 0
    Cured: 0
    Deleted: 1
    Renamed: 0
    Moved: 34
    Ignored: 0
    Scan speed: 120 Kb/s
    Scan time: 9:30:47
    -----------------------------------------------------------------------------

    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{1AD87600-5BD7-485C-ABBE-E4D4DBC7EFA7}\{7DD980B3-9929-4EE7-9763-79F0369C2488}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{27887722-BDDD-43B2-B0C3-9FC207B1DDFD}\{DE4FE259-DE56-4CBC-9D7D-0B6009265799}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3EB1B7C7-E04F-433E-BBFF-EF2D69A8E3B6}\{EC9C8855-10DA-4038-A282-8880E8DE9B36}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{6A594012-2AE5-4BC3-814D-78906974E42C}\{69537003-4493-4B47-99B5-9A7B77BD8AE2}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{0BD6D9D4-AD92-4BFE-9EF3-A02D672731C3}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{5427C5E7-FCAA-4B0E-A7AD-5BA8751CC0E5}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{FC2CA4B7-F15E-4B63-910B-FC827D58B231}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{048A7278-F3D3-4749-A797-07B743B19468}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{4BE44AA3-CB96-470E-B7CA-5DD2904A9C9A}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{9E62F163-819D-4F25-9370-9212277FA444}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{B21D2D62-4134-411C-9A41-9ADC56F0A253}\{43B3FB8B-C47D-49F6-B81B-A2E05B5A78E3}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{C59BC029-04C3-4792-8AFF-2BB2D987CABD}\{BCA96199-395C-4857-B77A-7BB8E0C91A25}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D2DB9476-144A-4401-9BE2-B362621F2D92}\{40446F2C-FBD0-44D4-9D5C-9295E2780762}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E779AE99-D58D-4F97-8FD9-3FA851FCEE57}\{E73360F5-E661-4203-AC62-C61CB8859DB1}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{1AD87600-5BD7-485C-ABBE-E4D4DBC7EFA7}\{7DD980B3-9929-4EE7-9763-79F0369C2488}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{27887722-BDDD-43B2-B0C3-9FC207B1DDFD}\{DE4FE259-DE56-4CBC-9D7D-0B6009265799}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3EB1B7C7-E04F-433E-BBFF-EF2D69A8E3B6}\{EC9C8855-10DA-4038-A282-8880E8DE9B36}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{6A594012-2AE5-4BC3-814D-78906974E42C}\{69537003-4493-4B47-99B5-9A7B77BD8AE2}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{0BD6D9D4-AD92-4BFE-9EF3-A02D672731C3}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{5427C5E7-FCAA-4B0E-A7AD-5BA8751CC0E5}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{FC2CA4B7-F15E-4B63-910B-FC827D58B231}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{048A7278-F3D3-4749-A797-07B743B19468}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{4BE44AA3-CB96-470E-B7CA-5DD2904A9C9A}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{9E62F163-819D-4F25-9370-9212277FA444}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{B21D2D62-4134-411C-9A41-9ADC56F0A253}\{43B3FB8B-C47D-49F6-B81B-A2E05B5A78E3}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{C59BC029-04C3-4792-8AFF-2BB2D987CABD}\{BCA96199-395C-4857-B77A-7BB8E0C91A25}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D2DB9476-144A-4401-9BE2-B362621F2D92}\{40446F2C-FBD0-44D4-9D5C-9295E2780762}.qbd - will be deleted after restart
    C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E779AE99-D58D-4F97-8FD9-3FA851FCEE57}\{E73360F5-E661-4203-AC62-C61CB8859DB1}.qbd - will be deleted after restart
    C:\Program Files\Netmarble\Netmarble\NetmarbleDownLoaderEx\nmDownload.exe - deleted
    C:\Program Files\Netmarble\NetmarbleDownLoaderEx\nmDownload.exe - deleted
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{1AD87600-5BD7-485C-ABBE-E4D4DBC7EFA7}\{7DD980B3-9929-4EE7-9763-79F0369C2488}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{27887722-BDDD-43B2-B0C3-9FC207B1DDFD}\{DE4FE259-DE56-4CBC-9D7D-0B6009265799}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3EB1B7C7-E04F-433E-BBFF-EF2D69A8E3B6}\{EC9C8855-10DA-4038-A282-8880E8DE9B36}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{6A594012-2AE5-4BC3-814D-78906974E42C}\{69537003-4493-4B47-99B5-9A7B77BD8AE2}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{0BD6D9D4-AD92-4BFE-9EF3-A02D672731C3}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{5427C5E7-FCAA-4B0E-A7AD-5BA8751CC0E5}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{FC2CA4B7-F15E-4B63-910B-FC827D58B231}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{048A7278-F3D3-4749-A797-07B743B19468}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{4BE44AA3-CB96-470E-B7CA-5DD2904A9C9A}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{9E62F163-819D-4F25-9370-9212277FA444}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{B21D2D62-4134-411C-9A41-9ADC56F0A253}\{43B3FB8B-C47D-49F6-B81B-A2E05B5A78E3}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{C59BC029-04C3-4792-8AFF-2BB2D987CABD}\{BCA96199-395C-4857-B77A-7BB8E0C91A25}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D2DB9476-144A-4401-9BE2-B362621F2D92}\{40446F2C-FBD0-44D4-9D5C-9295E2780762}.qbd - cannot delete
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E779AE99-D58D-4F97-8FD9-3FA851FCEE57}\{E73360F5-E661-4203-AC62-C61CB8859DB1}.qbd - cannot delete
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{1AD87600-5BD7-485C-ABBE-E4D4DBC7EFA7}\{7DD980B3-9929-4EE7-9763-79F0369C2488}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{27887722-BDDD-43B2-B0C3-9FC207B1DDFD}\{DE4FE259-DE56-4CBC-9D7D-0B6009265799}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3EB1B7C7-E04F-433E-BBFF-EF2D69A8E3B6}\{EC9C8855-10DA-4038-A282-8880E8DE9B36}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{6A594012-2AE5-4BC3-814D-78906974E42C}\{69537003-4493-4B47-99B5-9A7B77BD8AE2}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{0BD6D9D4-AD92-4BFE-9EF3-A02D672731C3}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{5427C5E7-FCAA-4B0E-A7AD-5BA8751CC0E5}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{938EDCC7-9717-4410-88B4-E6E4FBD1F762}\{FC2CA4B7-F15E-4B63-910B-FC827D58B231}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{048A7278-F3D3-4749-A797-07B743B19468}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{4BE44AA3-CB96-470E-B7CA-5DD2904A9C9A}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{9D3967DA-68BD-4A6D-8CB7-FB3BFDF0A578}\{9E62F163-819D-4F25-9370-9212277FA444}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{B21D2D62-4134-411C-9A41-9ADC56F0A253}\{43B3FB8B-C47D-49F6-B81B-A2E05B5A78E3}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{C59BC029-04C3-4792-8AFF-2BB2D987CABD}\{BCA96199-395C-4857-B77A-7BB8E0C91A25}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D2DB9476-144A-4401-9BE2-B362621F2D92}\{40446F2C-FBD0-44D4-9D5C-9295E2780762}.qbd - will be deleted after restart
    C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E779AE99-D58D-4F97-8FD9-3FA851FCEE57}\{E73360F5-E661-4203-AC62-C61CB8859DB1}.qbd - will be deleted after restart
    D:\Netmarble\NetmarbleDownLoaderEx\nmDownload.exe - deleted

    =============================================================================
    Total session statistics
    =============================================================================
    Scanned: 740129
    Infected: 91
    Modifications: 0
    Suspicious: 3
    Adware: 0
    Dialers: 0
    Jokes: 0
    Riskware: 0
    Hacktools: 0
    Cured: 0
    Deleted: 46
    Renamed: 0
    Moved: 34
    Ignored: 0
    Scan speed: 120 Kb/s
    Scan time: 9:30:51
    =============================================================================

    =============================================================================
    Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
    (c) Doctor Web, Ltd., 1992-2010
    Log generated on: 2010-10-17, 00:04:21 [HE11BRINGER-PC][he11bringer]
    Command line: "C:\Users\he11bringer\AppData\Local\Temp\87BB01E8-69DF0E73-6BCF8671-9C429025\c189b_xp.exe" /lng /ini:setup_xp.ini /fast
    Operating system: Windows Seven Ultimate x64/WOW (Build 7600)
    =============================================================================
    Engine version: 5.00 (5.00.2.03300)
    Engine API version: 2.02
    Total virus records: 1680317
    [Self-checking] C:\Users\he11bringer\AppData\Local\Temp\87BB01E8-69DF0E73-6BCF8671-9C429025\c189b_xp.exe
    Key file: C:\Users\he11bringer\AppData\Local\Temp\87BB01E8-69DF0E73-6BCF8671-9C429025\setup.key
    License key number: 0012913379
    Registered to: An unauthorized User
    License key activates on: 2010-09-17
    License key expires on: 2011-03-20
    [Memory scanning] No viruses found
     
  10. 2010/10/16
    broni

    broni Moderator Malware Analyst

    .....
     
  11. 2010/10/16
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    I'm sorry, I don't know what you mean by hardwired. Norton can't even open; it says ccVrTrst.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. And when I run it in safe mode, it can only scan and that's all.
     
  12. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/10/17
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    OTL:

    OTL logfile created on: 10/17/2010 1:23:05 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\he11bringer\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.88 Gb Total Space | 87.12 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
    Drive D: | 221.16 Gb Total Space | 144.96 Gb Free Space | 65.55% Space Free | Partition Type: NTFS
    Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 2.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HE11BRINGER-PC | User Name: he11bringer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 01:21:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\he11bringer\Desktop\OTL.exe
    PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2010/06/27 15:25:32 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/27 15:25:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/09/03 10:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    PRC - [2009/08/17 09:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    PRC - [2009/08/12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    PRC - [2009/08/11 11:44:40 | 002,861,696 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    PRC - [2009/08/06 00:19:50 | 002,987,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
    PRC - [2009/08/05 23:26:16 | 001,026,048 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    PRC - [2009/05/18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/03/02 10:22:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    PRC - [2009/02/06 16:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    PRC - [2008/03/20 21:12:36 | 000,040,448 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
    PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 01:21:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\he11bringer\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/15 20:10:18 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/03/08 15:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2009/09/03 17:59:50 | 000,359,040 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/02/27 09:26:38 | 001,461,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/02/27 07:56:50 | 000,830,224 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2010/06/15 20:10:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/20 16:26:48 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
    SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/06 16:57:18 | 000,072,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)
    SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
    SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMDNS.SYS -- (SYMDNS)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ProDefense.sys -- (ProDefense)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipswuio.sys -- (ipswuio)
    DRV:64bit: - [2010/09/27 21:21:48 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/09/02 15:36:21 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/09/02 15:35:58 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/09/02 15:35:58 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/01/24 14:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys -- (SYMFW)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys -- (SYMNDISV)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/01/20 16:26:48 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/21 15:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009/07/22 10:34:44 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
    DRV:64bit: - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/20 05:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 18:16:30 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/20 02:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2006/10/27 09:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV - [2010/09/28 04:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101010.003\EX64.SYS -- (NAVEX15)
    DRV - [2010/09/28 04:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101010.003\ENG64.SYS -- (NAVENG)
    DRV - [2010/09/15 14:02:19 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101008.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/08/28 04:05:48 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/06/20 02:50:23 | 000,007,040 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ProDefense.sys -- (ProDefense)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2007/08/03 20:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 04 15 88 D5 0C CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Winamp Search "
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "google.com "
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
    FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
    FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\{EA07E96C-0D48-4A24-82EB-1D8C2B66274A}: C:\Windows\system32\config\systemprofile\AppData\Local\{EA07E96C-0D48-4A24-82EB-1D8C2B66274A} [2010/07/28 17:02:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 23:21:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 10:11:14 | 000,000,000 | ---D | M]

    [2010/06/15 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Extensions
    [2010/10/17 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\extensions
    [2010/07/20 02:40:41 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2010/06/29 14:02:23 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
    [2010/06/29 14:25:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/06/15 20:09:19 | 000,001,819 | ---- | M] () -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\searchplugins\bing.xml
    [2010/07/20 10:05:26 | 000,001,196 | ---- | M] () -- C:\Users\he11bringer\AppData\Roaming\Mozilla\Firefox\Profiles\e0shle3g.default\searchplugins\winamp-search.xml
    [2010/10/08 11:46:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/15 19:22:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    [2010/04/01 12:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/01 12:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/01 12:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/01 12:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/10/16 01:50:19 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [Turbo Gear] C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe ()
    O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab (NetmarbleAutoUpdater Class)
    O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefense/kdfense8.cab (Kdfense8 Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/05/07 14:25:04 | 000,000,050 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
    O33 - MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\Shell\AutoRun\command - " " = E:\Setup.exe -- [2009/04/08 00:12:00 | 002,005,560 | R--- | M] (ASUSTek COMPUTER INC.)
    O33 - MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\Shell\AutoRun\command - " " = E:\InstAll.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/17 01:21:38 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\he11bringer\Desktop\OTL.exe
    [2010/10/16 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\DoctorWeb
    [2010/10/12 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\Malwarebytes
    [2010/10/12 12:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/12 12:24:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/12 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/12 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/12 12:23:31 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Desktop\sb
    [2010/10/11 16:24:35 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\Intel
    [2010/10/11 16:24:34 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Roaming
    [2010/10/11 16:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
    [2010/10/11 16:23:43 | 001,187,840 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
    [2010/10/11 16:23:37 | 000,435,200 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
    [2010/10/11 16:23:37 | 000,058,880 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
    [2010/10/11 16:23:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
    [2010/10/11 16:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
    [2010/10/11 16:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
    [2010/10/11 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/10/11 16:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2010/10/11 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/10/11 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
    [2010/10/11 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/10/11 02:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/10/11 02:14:54 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\Symantec
    [2010/10/11 00:26:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/04 15:34:58 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\WTablet
    [2010/09/28 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/09/28 00:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/09/28 00:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/09/28 00:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/09/28 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/09/28 00:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/09/28 00:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2010/09/28 00:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/09/28 00:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/09/27 21:25:57 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\Microsoft Help
    [2010/09/27 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/09/27 21:25:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3029
    [2010/09/27 21:24:24 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
    [2010/09/27 21:24:24 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
    [2010/09/27 21:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
    [2010/09/27 21:21:48 | 000,867,064 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/09/27 21:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
    [2010/09/14 21:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay
    [2010/09/14 04:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comical
    [2010/09/14 03:59:48 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Desktop\Scott Pilgrim 03 - Scott Pilgrim & The Infinite Sadness (2006) (Minutemen-DTs)
    [2010/09/14 03:59:07 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Desktop\scott 2
    [2010/09/06 18:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/09/03 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2010/09/02 15:36:20 | 000,278,576 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symtdi.sys
    [2010/09/02 15:36:20 | 000,056,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndisv.sys
    [2010/09/02 15:36:20 | 000,044,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symndis.sys
    [2010/09/02 15:36:19 | 000,476,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.sys
    [2010/09/02 15:36:19 | 000,402,992 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.sys
    [2010/09/02 15:36:19 | 000,120,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symfw.sys
    [2010/09/02 15:36:19 | 000,043,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symids.sys
    [2010/09/02 15:36:19 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.sys
    [2010/09/02 15:35:58 | 000,583,296 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
    [2010/09/02 15:35:58 | 000,334,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys
    [2010/09/02 15:35:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029
    [2010/09/02 11:44:39 | 000,359,040 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe
    [2010/09/02 11:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
    [2010/09/02 11:44:32 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\ASUS_Screensaver.scr
    [2010/09/02 11:44:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ASUS_Screensaver dir
    [2010/09/02 11:44:10 | 003,058,304 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe
    [2010/09/02 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
    [2010/09/02 11:39:59 | 000,183,296 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
    [2010/09/02 11:38:59 | 000,035,384 | ---- | C] (ASUSTek Computer Inc) -- C:\Windows\SysNative\drivers\AsDsm.sys
    [2010/09/02 11:37:40 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\SysNative\rixdicon.dll
    [2010/09/02 11:37:40 | 000,067,584 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimmpx64.sys
    [2010/09/02 11:37:40 | 000,057,856 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rixdpx64.sys
    [2010/09/02 11:37:40 | 000,055,296 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys
    [2010/09/02 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/09/02 11:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010/09/02 11:36:25 | 000,274,480 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2010/09/02 11:36:24 | 000,261,416 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
    [2010/09/02 11:36:24 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
    [2010/09/02 11:36:24 | 000,204,072 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
    [2010/09/02 11:36:24 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2010/09/02 11:36:24 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
    [2010/09/02 11:36:24 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2010/09/02 11:35:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2010/09/02 11:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/09/02 11:35:10 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2010/09/02 11:35:10 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2010/09/02 11:35:09 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2010/09/02 11:35:09 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2010/09/02 11:35:07 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2010/09/02 11:35:07 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2010/09/02 11:35:05 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2010/09/02 11:35:03 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2010/09/02 11:35:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2010/09/02 11:34:29 | 000,000,000 | ---D | C] -- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
    [2010/09/02 09:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/09/02 09:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/08/29 04:17:42 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\ElevatedDiagnostics
    [2010/08/29 03:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2010/08/29 03:48:10 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
    [2010/08/29 03:48:03 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/08/29 03:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/08/29 03:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/08/29 03:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
    [2010/08/29 03:47:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
    [2010/08/29 03:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/08/29 03:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/08/29 03:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2010/08/27 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Desktop\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)(Clean +Working Crack)
    [2010/08/24 16:34:19 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\Diagnostics
    [2010/08/16 01:51:40 | 000,000,000 | R--D | C] -- C:\Users\he11bringer\Documents\My Dropbox
    [2010/08/16 01:50:17 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\Dropbox
    [2010/08/15 10:05:20 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Desktop\ref
    [2010/08/12 03:24:31 | 005,470,720 | ---- | C] (Jeffrey Harris) -- C:\Users\he11bringer\Desktop\SharePod.exe
    [2010/08/12 03:11:16 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Documents\My Received Files
    [2010/08/12 03:02:34 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\SharePod
    [2010/08/11 23:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/11 23:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/11 23:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/05 05:22:45 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\Microsoft Games
    [2010/07/29 17:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MachineLocal
    [2010/07/29 02:50:13 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Local\Winamp Toolbar
    [2010/07/28 01:32:11 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Documents\StarCraft II
    [2010/07/28 01:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2010/07/28 01:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
    [2010/07/28 01:30:08 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\Documents\4Videosoft Studio
    [2010/07/28 01:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio
    [2010/07/27 02:14:11 | 001,279,488 | ---- | C] (UMDGEN.COM) -- C:\Users\he11bringer\Desktop\UMDGen.exe
    [2010/07/26 03:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2010/07/23 13:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
    [2010/07/21 06:00:21 | 000,000,000 | ---D | C] -- C:\SPDISK
    [2010/07/20 02:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
    [2010/07/20 02:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
    [2010/07/20 02:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
    [2010/07/20 02:40:08 | 000,000,000 | ---D | C] -- C:\Users\he11bringer\AppData\Roaming\Winamp
    [2010/07/20 02:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========
     
  14. 2010/10/17
    Art4l1fe

    CONTINUED:

    [2010/10/17 01:21:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\he11bringer\Desktop\OTL.exe
    [2010/10/17 00:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/16 23:57:35 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/16 23:57:35 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/16 23:57:35 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/16 23:56:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/16 23:56:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/16 23:48:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/16 23:48:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/16 23:48:01 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/16 07:24:02 | 003,016,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/16 01:50:19 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/10/16 00:30:52 | 001,157,444 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
    [2010/10/15 04:10:03 | 038,169,168 | ---- | M] () -- C:\Users\he11bringer\Desktop\queen.psd
    [2010/10/12 12:24:47 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/12 02:36:05 | 013,628,092 | ---- | M] () -- C:\Users\he11bringer\Desktop\storyboardchar.psd
    [2010/10/12 01:23:20 | 183,562,773 | ---- | M] () -- C:\Users\he11bringer\Desktop\How.I.Met.Your.Mother.S06E04.HDTV.XviD-LOL.avi[1].divx
    [2010/10/12 01:18:17 | 008,674,359 | ---- | M] () -- C:\Users\he11bringer\Desktop\bgAAA.psd
    [2010/10/11 23:19:20 | 366,747,080 | ---- | M] () -- C:\Users\he11bringer\Desktop\House.S07E04.HDTV.XviD-LOL.avi[1].divx
    [2010/10/11 16:39:51 | 000,000,259 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2010/10/11 16:29:58 | 000,001,393 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2010/10/11 16:27:47 | 000,036,864 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
    [2010/10/11 00:26:37 | 230,333,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/09 02:15:50 | 192,057,986 | ---- | M] () -- C:\Users\he11bringer\Desktop\the.big.bang.theory.s04e03.HDTV.XviD-hibbs.avi[1].divx
    [2010/10/06 23:01:21 | 028,940,333 | ---- | M] () -- C:\Users\he11bringer\Desktop\archon.psd
    [2010/10/06 17:19:10 | 005,970,679 | ---- | M] () -- C:\Users\he11bringer\Desktop\resized pisces.rar
    [2010/10/06 17:18:50 | 006,329,132 | ---- | M] () -- C:\Users\he11bringer\Desktop\resized pisces.jpg
    [2010/10/06 17:18:50 | 006,329,132 | ---- | M] () -- C:\Users\he11bringer\Desktop\resized pisces - Copy.jpg
    [2010/10/06 17:17:27 | 164,416,239 | ---- | M] () -- C:\Users\he11bringer\Desktop\resized pisces.psd
    [2010/10/06 12:36:42 | 000,007,362 | ---- | M] () -- C:\Users\he11bringer\Desktop\SharePodSettings.xml
    [2010/10/05 17:18:26 | 176,483,896 | ---- | M] () -- C:\Users\he11bringer\Desktop\pisces.psd
    [2010/09/30 04:09:58 | 007,068,095 | ---- | M] () -- C:\Users\he11bringer\Desktop\beats.psd
    [2010/09/29 17:07:43 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2010/09/28 23:15:32 | 005,737,855 | ---- | M] () -- C:\Users\he11bringer\Desktop\gurrenlagann.psd
    [2010/09/28 13:19:59 | 000,001,796 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2010/09/28 02:09:49 | 000,000,162 | -H-- | M] () -- C:\Users\he11bringer\Desktop\~$novanScript.docx
    [2010/09/28 02:06:01 | 000,004,055 | ---- | M] () -- C:\Users\he11bringer\Desktop\DonovanScript.docx
    [2010/09/27 21:24:33 | 000,000,958 | ---- | M] () -- C:\Users\he11bringer\Desktop\MagicDisc.lnk
    [2010/09/27 21:21:48 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/09/27 21:19:13 | 000,001,804 | ---- | M] () -- C:\Users\he11bringer\Desktop\MagicISO.lnk
    [2010/09/27 17:48:34 | 000,466,816 | ---- | M] () -- C:\Users\he11bringer\Desktop\dragonsmall.jpg
    [2010/09/23 23:42:40 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/09/23 19:13:43 | 041,851,494 | ---- | M] () -- C:\Users\he11bringer\Desktop\starcraft2.psd
    [2010/09/23 11:47:21 | 3255,801,761 | ---- | M] () -- C:\Users\he11bringer\Desktop\[BSS]_Tengen_Toppa_Gurren_Lagann_The_Movie_-_Lagann-hen_[8A75A457].mp4
    [2010/09/23 08:17:44 | 000,801,533 | ---- | M] () -- C:\Users\he11bringer\Desktop\178cf67d73712a0840ed516ac55eaf80.jpg
    [2010/09/23 01:35:59 | 004,885,195 | ---- | M] () -- C:\Users\he11bringer\Desktop\dragon.jpg
    [2010/09/23 01:35:50 | 114,796,524 | ---- | M] () -- C:\Users\he11bringer\Desktop\dragon.psd
    [2010/09/14 21:03:45 | 000,000,948 | ---- | M] () -- C:\Users\he11bringer\Desktop\CDisplay.lnk
    [2010/09/13 23:44:13 | 102,469,987 | ---- | M] () -- C:\Users\he11bringer\Desktop\candy.psd
    [2010/09/13 23:44:13 | 102,469,987 | ---- | M] () -- C:\Users\he11bringer\Desktop\candy - Copy.psd
    [2010/09/13 23:44:01 | 072,484,077 | ---- | M] () -- C:\Users\he11bringer\Desktop\cat.psd
    [2010/09/13 03:02:21 | 052,684,467 | ---- | M] () -- C:\Users\he11bringer\Desktop\lion.psd
    [2010/09/08 02:46:13 | 098,206,661 | ---- | M] () -- C:\Users\he11bringer\Desktop\husky.psd
    [2010/09/08 00:05:38 | 168,193,003 | ---- | M] () -- C:\Users\he11bringer\Desktop\simon.psd
    [2010/09/06 22:23:41 | 000,504,038 | ---- | M] () -- C:\Users\he11bringer\Desktop\sqlite3.dll
    [2010/09/03 12:50:51 | 000,001,582 | ---- | M] () -- C:\Users\he11bringer\Desktop\DivX Movies.lnk
    [2010/09/03 12:48:38 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/09/02 15:36:21 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/09/02 15:36:21 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/09/02 15:36:21 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/09/02 15:35:58 | 000,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\cchpx64.sys
    [2010/09/02 15:35:58 | 000,334,384 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.sys
    [2010/09/02 15:35:56 | 000,009,412 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
    [2010/09/02 15:35:56 | 000,007,362 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.CAT
    [2010/09/02 15:35:56 | 000,001,481 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
    [2010/09/02 15:35:56 | 000,000,640 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.inf
    [2010/09/02 15:35:56 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
    [2010/09/02 13:55:36 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
    [2010/09/02 11:44:32 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\ASUS_Screensaver.scr
    [2010/09/02 11:44:10 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    [2010/09/02 11:40:20 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk
    [2010/09/02 11:39:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
    [2010/09/02 11:39:26 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
    [2010/09/02 11:39:04 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Data Security Manager.Lnk
    [2010/09/02 11:38:59 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) -- C:\Windows\SysNative\drivers\AsDsm.sys
    [2010/09/02 11:37:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
    [2010/09/02 11:36:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2010/09/02 11:34:40 | 000,170,525 | ---- | M] () -- C:\Windows\AsCD_Item_13.jpg
    [2010/09/01 02:49:21 | 083,338,649 | ---- | M] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 05 - Scott Pilgrim vs. the Universe (2009) (Minutemen-DTs).cbz
    [2010/09/01 02:49:13 | 055,616,082 | ---- | M] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 01 - Scott Pilgrim's Precious Little Life (2004) (Minutemen-DTs).cbz
    [2010/09/01 02:48:59 | 184,287,517 | ---- | M] () -- C:\Users\he11bringer\Desktop\Scott_Pilgrim_06_-_Scott_Pilgrim_s_Finest_Hour__2010___c2c___Minutemen-DTs_(2).cbz
    [2010/09/01 02:15:44 | 089,407,980 | ---- | M] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 04 Scott Pilgrim Gets It Together (2007) (Minutemen-DTs).cbz
    [2010/08/30 01:49:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/29 10:11:15 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/27 17:00:53 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/26 14:34:27 | 000,294,185 | ---- | M] () -- C:\Users\he11bringer\Desktop\sced.jpg
    [2010/08/16 01:51:40 | 000,001,012 | ---- | M] () -- C:\Users\he11bringer\Desktop\Dropbox.lnk
    [2010/08/11 23:23:34 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/11 23:21:11 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/07/30 16:03:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\LOCO.lnk
    [2010/07/28 02:00:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2010/07/28 01:26:24 | 000,001,470 | ---- | M] () -- C:\Users\he11bringer\Desktop\4Videosoft MKV Video Converter.lnk
    [2010/07/27 02:59:59 | 238,095,948 | ---- | M] () -- C:\Users\he11bringer\Desktop\cloudvseph.psd
    [2010/07/27 02:24:29 | 854,474,752 | ---- | M] () -- C:\Users\he11bringer\Desktop\gas.iso
    [2010/07/21 20:26:30 | 671,043,811 | ---- | M] () -- C:\Users\he11bringer\Desktop\Garra_Rufa.FINAL.mp4
    [2010/07/20 02:40:43 | 000,001,008 | ---- | M] () -- C:\Users\he11bringer\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/15 01:25:00 | 038,169,168 | ---- | C] () -- C:\Users\he11bringer\Desktop\queen.psd
    [2010/10/13 00:42:28 | 192,057,986 | ---- | C] () -- C:\Users\he11bringer\Desktop\the.big.bang.theory.s04e03.HDTV.XviD-hibbs.avi[1].divx
    [2010/10/13 00:42:19 | 366,747,080 | ---- | C] () -- C:\Users\he11bringer\Desktop\House.S07E04.HDTV.XviD-LOL.avi[1].divx
    [2010/10/13 00:42:10 | 183,562,773 | ---- | C] () -- C:\Users\he11bringer\Desktop\How.I.Met.Your.Mother.S06E04.HDTV.XviD-LOL.avi[1].divx
    [2010/10/12 12:24:47 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/11 20:47:50 | 008,674,359 | ---- | C] () -- C:\Users\he11bringer\Desktop\bgAAA.psd
    [2010/10/11 18:42:57 | 013,628,092 | ---- | C] () -- C:\Users\he11bringer\Desktop\storyboardchar.psd
    [2010/10/11 16:26:22 | 000,000,259 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2010/10/11 16:23:43 | 000,129,627 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
    [2010/10/11 16:23:43 | 000,041,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
    [2010/10/11 02:31:32 | 006,329,132 | ---- | C] () -- C:\Users\he11bringer\Desktop\resized pisces - Copy.jpg
    [2010/10/11 02:31:30 | 102,469,987 | ---- | C] () -- C:\Users\he11bringer\Desktop\candy - Copy.psd
    [2010/10/11 00:26:37 | 230,333,000 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/06 19:46:57 | 028,940,333 | ---- | C] () -- C:\Users\he11bringer\Desktop\archon.psd
    [2010/10/06 17:19:07 | 005,970,679 | ---- | C] () -- C:\Users\he11bringer\Desktop\resized pisces.rar
    [2010/10/06 12:35:59 | 006,329,132 | ---- | C] () -- C:\Users\he11bringer\Desktop\resized pisces.jpg
    [2010/10/05 17:16:30 | 164,416,239 | ---- | C] () -- C:\Users\he11bringer\Desktop\resized pisces.psd
    [2010/10/04 16:52:47 | 176,483,896 | ---- | C] () -- C:\Users\he11bringer\Desktop\pisces.psd
    [2010/09/29 23:42:33 | 007,068,095 | ---- | C] () -- C:\Users\he11bringer\Desktop\beats.psd
    [2010/09/29 12:16:09 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe
    [2010/09/28 02:09:49 | 000,000,162 | -H-- | C] () -- C:\Users\he11bringer\Desktop\~$novanScript.docx
    [2010/09/28 00:41:52 | 000,004,055 | ---- | C] () -- C:\Users\he11bringer\Desktop\DonovanScript.docx
    [2010/09/27 21:24:33 | 000,000,958 | ---- | C] () -- C:\Users\he11bringer\Desktop\MagicDisc.lnk
    [2010/09/27 21:19:13 | 000,001,804 | ---- | C] () -- C:\Users\he11bringer\Desktop\MagicISO.lnk
    [2010/09/27 18:00:55 | 671,043,811 | ---- | C] () -- C:\Users\he11bringer\Desktop\Garra_Rufa.FINAL.mp4
    [2010/09/27 17:48:29 | 000,466,816 | ---- | C] () -- C:\Users\he11bringer\Desktop\dragonsmall.jpg
    [2010/09/23 08:25:43 | 3255,801,761 | ---- | C] () -- C:\Users\he11bringer\Desktop\[BSS]_Tengen_Toppa_Gurren_Lagann_The_Movie_-_Lagann-hen_[8A75A457].mp4
    [2010/09/23 08:17:44 | 000,801,533 | ---- | C] () -- C:\Users\he11bringer\Desktop\178cf67d73712a0840ed516ac55eaf80.jpg
    [2010/09/16 22:17:04 | 004,885,195 | ---- | C] () -- C:\Users\he11bringer\Desktop\dragon.jpg
    [2010/09/15 20:58:15 | 114,796,524 | ---- | C] () -- C:\Users\he11bringer\Desktop\dragon.psd
    [2010/09/14 21:03:45 | 000,000,948 | ---- | C] () -- C:\Users\he11bringer\Desktop\CDisplay.lnk
    [2010/09/14 03:58:52 | 055,616,082 | ---- | C] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 01 - Scott Pilgrim's Precious Little Life (2004) (Minutemen-DTs).cbz
    [2010/09/14 03:58:46 | 089,407,980 | ---- | C] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 04 Scott Pilgrim Gets It Together (2007) (Minutemen-DTs).cbz
    [2010/09/14 03:58:43 | 083,338,649 | ---- | C] () -- C:\Users\he11bringer\Desktop\Scott Pilgrim 05 - Scott Pilgrim vs. the Universe (2009) (Minutemen-DTs).cbz
    [2010/09/14 03:58:42 | 184,287,517 | ---- | C] () -- C:\Users\he11bringer\Desktop\Scott_Pilgrim_06_-_Scott_Pilgrim_s_Finest_Hour__2010___c2c___Minutemen-DTs_(2).cbz
    [2010/09/13 18:09:10 | 102,469,987 | ---- | C] () -- C:\Users\he11bringer\Desktop\candy.psd
    [2010/09/13 03:41:37 | 072,484,077 | ---- | C] () -- C:\Users\he11bringer\Desktop\cat.psd
    [2010/09/08 00:05:24 | 168,193,003 | ---- | C] () -- C:\Users\he11bringer\Desktop\simon.psd
    [2010/09/07 22:42:49 | 052,684,467 | ---- | C] () -- C:\Users\he11bringer\Desktop\lion.psd
    [2010/09/06 22:38:09 | 000,007,362 | ---- | C] () -- C:\Users\he11bringer\Desktop\SharePodSettings.xml
    [2010/09/06 22:23:41 | 000,504,038 | ---- | C] () -- C:\Users\he11bringer\Desktop\sqlite3.dll
    [2010/09/04 00:21:59 | 098,206,661 | ---- | C] () -- C:\Users\he11bringer\Desktop\husky.psd
    [2010/09/03 12:49:07 | 001,157,444 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\Cat.DB
    [2010/09/02 15:36:20 | 000,009,415 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.cat
    [2010/09/02 15:36:20 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNet.inf
    [2010/09/02 15:36:19 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.cat
    [2010/09/02 15:36:19 | 000,007,401 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.cat
    [2010/09/02 15:36:19 | 000,007,399 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA64.cat
    [2010/09/02 15:36:19 | 000,007,345 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.cat
    [2010/09/02 15:36:19 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymEFA.inf
    [2010/09/02 15:36:19 | 000,001,836 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\ccHPx64.inf
    [2010/09/02 15:36:19 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtsp64.inf
    [2010/09/02 15:36:19 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\srtspx64.inf
    [2010/09/02 15:35:56 | 000,009,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\symnetv.cat
    [2010/09/02 15:35:56 | 000,007,362 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.CAT
    [2010/09/02 15:35:56 | 000,001,481 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SymNetV.inf
    [2010/09/02 15:35:56 | 000,000,640 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\BHDrvx64.inf
    [2010/09/02 15:35:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\isolate.ini
    [2010/09/02 11:44:39 | 000,274,560 | ---- | C] () -- C:\Windows\SysNative\GetBootTime.dll
    [2010/09/02 11:44:39 | 000,001,796 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2010/09/02 11:44:39 | 000,001,393 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2010/09/02 11:44:39 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini
    [2010/09/02 11:44:39 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini
    [2010/09/02 11:44:39 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini
    [2010/09/02 11:44:39 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini
    [2010/09/02 11:40:20 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk
    [2010/09/02 11:39:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
    [2010/09/02 11:39:26 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
    [2010/09/02 11:39:04 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Data Security Manager.Lnk
    [2010/09/02 11:37:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
    [2010/09/02 11:36:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2010/09/02 11:35:14 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\SamSfPa.dat
    [2010/09/02 11:34:40 | 000,170,525 | ---- | C] () -- C:\Windows\AsCD_Item_13.jpg
    [2010/08/30 01:49:29 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/08/29 03:48:03 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/08/29 03:48:03 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/08/29 03:47:54 | 000,002,390 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/08/26 14:34:25 | 000,294,185 | ---- | C] () -- C:\Users\he11bringer\Desktop\sced.jpg
    [2010/08/16 01:51:40 | 000,001,012 | ---- | C] () -- C:\Users\he11bringer\Desktop\Dropbox.lnk
    [2010/08/11 23:23:34 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/11 23:21:11 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/02 01:49:34 | 041,851,494 | ---- | C] () -- C:\Users\he11bringer\Desktop\starcraft2.psd
    [2010/07/30 19:45:38 | 005,737,855 | ---- | C] () -- C:\Users\he11bringer\Desktop\gurrenlagann.psd
    [2010/07/30 16:03:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\LOCO.lnk
    [2010/07/28 17:00:29 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/07/28 01:32:11 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2010/07/28 01:26:24 | 000,001,470 | ---- | C] () -- C:\Users\he11bringer\Desktop\4Videosoft MKV Video Converter.lnk
    [2010/07/27 02:24:09 | 854,474,752 | ---- | C] () -- C:\Users\he11bringer\Desktop\gas.iso
    [2010/07/26 03:09:58 | 1913,144,139 | ---- | C] () -- C:\Users\he11bringer\Desktop\[BSS]_Tengen_Toppa_Gurren_Lagann_The_Movie_-_Lagann-hen_[8A75A457].mkv
    [2010/07/26 03:06:03 | 2201,987,685 | ---- | C] () -- C:\Users\he11bringer\Desktop\[BSS]_Tengen_Toppa_Gurren_Lagann_The_Movie_-_Guren-hen_[74C3E9D3].mkv
    [2010/07/20 02:40:43 | 000,001,008 | ---- | C] () -- C:\Users\he11bringer\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2010/06/16 03:55:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2010/06/16 03:55:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2010/06/16 01:54:54 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/06/16 01:54:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/06/16 01:54:53 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/06/16 01:54:53 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/06/16 01:39:03 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/06/15 19:24:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/07/13 20:03:36 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\avicap32.dll
    [2009/07/13 20:02:44 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\drprov.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

    ========== LOP Check ==========

    [2010/10/11 11:26:51 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\Dropbox
    [2010/07/18 21:56:42 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\NeopleLauncherDFO
    [2010/08/12 03:02:34 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\SharePod
    [2010/10/11 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\uTorrent
    [2010/07/09 02:06:53 | 000,000,000 | ---D | M] -- C:\Users\he11bringer\AppData\Roaming\XLink Kai
    [2009/07/14 01:08:49 | 000,023,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/11/27 22:10:54 | 000,000,016 | ---- | M] () -- C:\app14.log
    [2009/05/11 09:49:02 | 000,000,022 | ---- | M] () -- C:\app2.log
    [2008/11/25 06:07:32 | 000,000,081 | ---- | M] () -- C:\app4.log
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/06/15 16:07:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2009/05/30 04:29:32 | 000,019,709 | ---- | M] () -- C:\devlist.txt
    [2009/05/30 04:29:28 | 000,000,009 | ---- | M] () -- C:\Finish.log
    [2009/04/28 05:56:14 | 001,048,576 | RH-- | M] () -- C:\G71G.BIN
    [2009/07/30 14:58:06 | 001,048,576 | RH-- | M] () -- C:\G71GX.BIN
    [2009/04/28 21:52:26 | 000,000,020 | ---- | M] () -- C:\G71G_G71GX_VISTA.30
    [2010/10/16 23:48:01 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/02 11:43:55 | 000,423,780 | ---- | M] () -- C:\if.log
    [2009/05/30 04:25:46 | 022,020,096 | ---- | M] () -- C:\inject.log
    [2009/05/30 04:25:47 | 020,454,595 | ---- | M] () -- C:\inject.log.txt
    [2008/09/19 07:33:21 | 000,000,003 | ---- | M] () -- C:\K522.txt
    [2008/08/08 03:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
    [2010/06/15 17:28:07 | 000,334,968 | RHS- | M] () -- C:\NLJWM
    [2010/10/16 23:48:11 | 2146,471,935 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/29 15:02:18 | 000,000,105 | ---- | M] () -- C:\Pass.txt
    [2009/03/18 21:37:23 | 000,003,240 | ---- | M] () -- C:\Patch.LOG
    [2009/04/28 21:52:26 | 000,000,013 | ---- | M] () -- C:\RECOVERY.DAT
    [2010/09/02 11:35:53 | 000,003,059 | ---- | M] () -- C:\RHDSetup.log
    [2010/10/12 12:39:30 | 000,000,387 | ---- | M] () -- C:\rkill.log
    [2010/09/02 11:39:26 | 000,000,090 | ---- | M] () -- C:\setup.log
    [2008/09/19 07:43:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/05/29 13:31:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/05/26 18:16:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/06/14 11:44:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/06/14 17:07:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/06/14 17:35:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/06/14 17:52:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/09/19 07:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/05/29 13:31:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/05/26 18:16:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/06/14 11:44:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/06/14 17:07:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/06/14 17:35:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/06/14 17:52:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/05/30 03:32:47 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
    [2009/05/30 03:32:24 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
    [2009/02/11 23:50:06 | 000,000,025 | ---- | M] () -- C:\V622.TXT
    [2010/06/15 17:28:07 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2010/10/11 16:39:51 | 000,000,259 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2010/08/27 17:00:53 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2010/09/02 11:34:40 | 000,170,525 | ---- | M] () -- C:\Windows\AsCD_Item_13.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/15 16:46:32 | 000,000,221 | -HS- | M] () -- C:\Users\he11bringer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/02/22 13:37:20 | 1207,438,732 | ---- | M] () -- C:\Users\he11bringer\Desktop\NetmarbleSDGOSetup.exe
    [2010/10/17 01:21:39 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\he11bringer\Desktop\OTL.exe
    [2010/07/17 11:41:44 | 005,470,720 | ---- | M] (Jeffrey Harris) -- C:\Users\he11bringer\Desktop\SharePod.exe
    [2006/12/11 11:26:52 | 001,279,488 | ---- | M] (UMDGEN.COM) -- C:\Users\he11bringer\Desktop\UMDGen.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/06/19 01:38:40 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/06/19 01:38:40 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/06/19 01:31:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/06/19 01:31:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/02 10:32:13 | 000,000,402 | -HS- | M] () -- C:\Users\he11bringer\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  15. 2010/10/17
    Art4l1fe

    EXTRAS:

    OTL Extras logfile created on: 10/17/2010 1:23:05 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\he11bringer\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.88 Gb Total Space | 87.12 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
    Drive D: | 221.16 Gb Total Space | 144.96 Gb Free Space | 65.55% Space Free | Partition Type: NTFS
    Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 2.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HE11BRINGER-PC | User Name: he11bringer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{439F7BFD-4F1B-4CAE-834A-4136396C2738}" = ASUS Turbo Gear Enhanced VGA Driver
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{558B0625-03A7-491C-9693-FD1066005CBB}" = Turbo Gear Extreme
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C3B6103A-C76F-45CF-898E-22E74BD33CFF}" = Direct Console 2.0
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
    "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "ASUS_Screensaver" = ASUS_Screensaver
    "AviSynth" = AviSynth 2.5
    "CDisplay_is1" = CDisplay 1.8
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Comical_is1" = Comical 0.8
    "DFO" = DFOLauncher
    "DivX Setup.divx.com" = DivX Setup
    "ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
    "Google Chrome" = Google Chrome
    "kdefense" = K-Defense8 Control - Ã…°º¸µÃ¥ º¸¾Ãˆ
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
    "LOCO" = LOCO EU
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "NAV" = Norton AntiVirus
    "NetmarbleSDGO" = SD Gundam Capsule Fighter
    "StarCraft II" = StarCraft II
    "uTorrent" = µTorrent
    "Videora iPod Converter" = Videora iPod Converter 5.04
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "YouTube Downloader App" = YouTube Downloader App 2.03

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/10/2010 3:24:42 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 512. Error code 2147942593.

    Error - 16/10/2010 11:24:30 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description = Certificate Services Client failed to load Provider pautoenr.dll.
    Error code 193.

    Error - 16/10/2010 11:24:30 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 256. Error code 2147942593.

    Error - 16/10/2010 11:24:43 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description = Certificate Services Client failed to load Provider pautoenr.dll.
    Error code 193.

    Error - 16/10/2010 11:24:43 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 512. Error code 2147942593.

    Error - 16/10/2010 11:48:59 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description = Certificate Services Client failed to load Provider pautoenr.dll.
    Error code 193.

    Error - 16/10/2010 11:48:59 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 512. Error code 2147942593.

    Error - 16/10/2010 11:48:59 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
    Description = Certificate Services Client failed to load Provider pautoenr.dll.
    Error code 193.

    Error - 16/10/2010 11:48:59 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
    Description = Certificate Services Client failed to invoke the Providers in response
    to event 256. Error code 2147942593.

    Error - 16/10/2010 11:49:19 PM | Computer Name = he11bringer-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FBAgent.exe, version: 1.0.2.0, time stamp:
    0x4a9f9317 Faulting module name: FBAgent.exe, version: 1.0.2.0, time stamp: 0x4a9f9317
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000012a5b Faulting process id: 0x66c Faulting
    application start time: 0x01cb6dae271f53c1 Faulting application path: C:\Windows\system32\FBAgent.exe
    Faulting
    module path: C:\Windows\system32\FBAgent.exe Report Id: 84ea6b16-d9a1-11df-8997-0026182d91d6

    [ System Events ]
    Error - 16/10/2010 7:24:21 AM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7024
    Description = The Norton AntiVirus service terminated with service-specific error
    %%-1.

    Error - 16/10/2010 7:24:25 AM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 16/10/2010 7:26:16 AM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7034
    Description = The AFBAgent service terminated unexpectedly. It has done this 1
    time(s).

    Error - 16/10/2010 11:47:48 PM | Computer Name = he11bringer-PC | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 16/10/2010 11:48:25 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
    Description = WLAN AutoConfig service has failed to start. Error Code: 3222070536


    Error - 16/10/2010 11:48:25 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7023
    Description = The WLAN AutoConfig service terminated with the following error: %%-1072896760

    Error - 16/10/2010 11:48:26 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Akamai
    NetSession Interface service to connect.

    Error - 16/10/2010 11:48:28 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7024
    Description = The Norton AntiVirus service terminated with service-specific error
    %%-1.

    Error - 16/10/2010 11:48:51 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 16/10/2010 11:49:20 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7034
    Description = The AFBAgent service terminated unexpectedly. It has done this 1
    time(s).


    < End of report >
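The event log in the post above reports the same failures in several numeric forms: a decimal Win32 code, an unsigned HRESULT, and a signed `%%` value. As an added example (not part of the thread and not OTL's own code), this Python script parses that log layout and normalises the codes so that duplicates collapse; the function names and the one-entry Win32 name table are assumptions of the example.

```python
import re
from collections import Counter

# Excerpt of the "Last 10 Event Log Errors" section posted above, wrapped lines kept.
SAMPLE_LOG = """\
Error - 16/10/2010 11:24:30 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Certificate Services Client failed to load Provider pautoenr.dll.
Error code 193.

Error - 16/10/2010 11:24:30 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Certificate Services Client failed to invoke the Providers in response
to event 256. Error code 2147942593.

Error - 16/10/2010 11:48:25 PM | Computer Name = he11bringer-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description = WLAN AutoConfig service has failed to start. Error Code: 3222070536

Error - 16/10/2010 11:48:25 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7023
Description = The WLAN AutoConfig service terminated with the following error: %%-1072896760

Error - 16/10/2010 11:48:28 PM | Computer Name = he11bringer-PC | Source = Service Control Manager | ID = 7024
Description = The Norton AntiVirus service terminated with service-specific error
%%-1.
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Matches "Error code 193", "Error Code: 3222070536" and "%%-1072896760".
CODE = re.compile(r"(?:Error code:?\s*|%%)(-?\d+)", re.IGNORECASE)

FACILITY_WIN32 = 7                          # HRESULT facility wrapping Win32 codes
WIN32_NAMES = {193: "ERROR_BAD_EXE_FORMAT"}  # only the code seen in this log


def parse_events(text):
    """Split the report into events, re-joining wrapped description lines."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            current = {**match.groupdict(), "description": ""}
            current["id"] = int(current["id"])
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def decode_code(value):
    """Normalise a logged number to unsigned 32 bits and split HRESULT fields."""
    u = value & 0xFFFFFFFF                  # signed "%%-N" becomes its unsigned form
    info = {"hex": f"0x{u:08X}", "facility": None, "win32": None}
    if u < 0x10000:
        info["win32"] = u                   # assumption: small values are raw Win32 codes
    else:
        info["facility"] = (u >> 16) & 0x7FF
        if info["facility"] == FACILITY_WIN32:
            info["win32"] = u & 0xFFFF      # low 16 bits carry the Win32 code
    info["name"] = WIN32_NAMES.get(info["win32"])
    return info


def triage(text):
    """Return one row per event; service-specific codes are left undecoded
    because their meaning is defined by the service, not by Windows."""
    rows = []
    for ev in parse_events(text):
        match = CODE.search(ev["description"])
        decoded = None
        if match and "service-specific" not in ev["description"]:
            decoded = decode_code(int(match.group(1)))
        rows.append({"source": ev["source"], "id": ev["id"], "decoded": decoded})
    return rows


def root_causes(rows):
    """Count events per distinct underlying error."""
    counts = Counter()
    for row in rows:
        d = row["decoded"]
        if d is None:
            continue
        if d["win32"] is not None:
            counts[d["name"] or f"win32:{d['win32']}"] += 1
        else:
            counts[d["hex"]] += 1
    return counts


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["source"], row["id"], row["decoded"])
    print(dict(root_causes(triage(SAMPLE_LOG))))
```

Code 193 is `ERROR_BAD_EXE_FORMAT`, and 2147942593 is the same code wrapped as an HRESULT (0x800700C1), so both CertificateServicesClient event types point at one unloadable `pautoenr.dll`, consistent with the DLL pop-ups described at the start of the thread. The two WLAN AutoConfig entries likewise decode to a single value, 0xC00CE508, logged once unsigned and once signed.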
     
  16. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ProDefense.sys -- (ProDefense)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\Shell - " " = AutoRun
      O33 - MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\Shell\AutoRun\command - " " = E:\Setup.exe -- [2009/04/08 00:12:00 | 002,005,560 | R--- | M] (ASUSTek COMPUTER INC.)
      O33 - MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\Shell - " " = AutoRun
      O33 - MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\Shell\AutoRun\command - " " = E:\InstAll.exe -- File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
       "DisableSR" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. 2010/10/17
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    OTL:

    All processes killed
    ========== OTL ==========
    Service ProDefense stopped successfully!
    Service ProDefense deleted successfully!
    File C:\Windows\SysNative\drivers\ProDefense.sys not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
    File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
    File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab29324-b6a7-11df-8677-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ab29324-b6a7-11df-8677-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ab29324-b6a7-11df-8677-806e6f6e6963}\ not found.
    File move failed. E:\Setup.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4b1534-78b1-11df-ac12-806e6f6e6963}\ not found.
    File E:\InstAll.exe not found.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\DisableSR deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: he11bringer
    ->Temp folder emptied: 685170042 bytes
    ->Temporary Internet Files folder emptied: 14549174 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 55518639 bytes
    ->Google Chrome cache emptied: 336402616 bytes
    ->Flash cache emptied: 109306 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22752925 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 6855623843 bytes

    Total Files Cleaned = 7,601.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: he11bringer
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10172010_043035

    Files\Folders moved on Reboot...
    File move failed. E:\Setup.exe scheduled to be moved on reboot.
    C:\Users\he11bringer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  18. 2010/10/17
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.3.4
    Mozilla Firefox (3.6.6) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

    ``````````End of Log````````````
     
    Last edited: 2010/10/17
  19. 2010/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Firefox.
     
  20. 2010/10/18
    Art4l1fe

    Art4l1fe Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    24
    Likes Received:
    0
    ESET:

    C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ajimavar.ini Win32/Adware.Virtumonde.NEO application
    C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\anapibun.ini Win32/Adware.Virtumonde.NEO application
    C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\enudamur.ini Win32/Adware.Virtumonde.NEO application
    C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ibakihew.ini Win32/Adware.Virtumonde.NEO application
    C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ufuyofeh.ini Win32/Adware.Virtumonde.NEO application
    C:\Users\he11bringer\Desktop\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)(Clean +Working Crack)\NAV2009_16.0.0.125_OEM902.exe a variant of Win32/Injector.NS trojan
    C:\Users\he11bringer\Desktop\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)(Clean +Working Crack)\Norton 2009 v16.0.0.125 (NAV + NIS) - Crack only\Norton_TrialReset_1.5V.exe multiple threats
    C:\Users\he11bringer\DoctorWeb\Quarantine\explorer.exe Win32/Filecoder.O trojan
    C:\Users\he11bringer\DoctorWeb\Quarantine\nmchf__0.exe Win32/Filecoder.O trojan
    C:\Users\he11bringer\Downloads\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)+crack.rar multiple threats
    C:\Users\he11bringer\Downloads\Microsoft Office 2010 PRO Plus ACTIVATED\Office2010.iso probably a variant of Win32/Agent.RRG trojan
    D:\BACKUP\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)+crack.rar multiple threats
    D:\BACKUP\Microsoft Office 2010 PRO Plus ACTIVATED\Office2010.iso probably a variant of Win32/Agent.RRG trojan
    D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 3.zip Win32/Adware.Virtumonde.NEO application
    D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 61.zip multiple threats
    D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 62.zip Win32/Filecoder.O trojan
    D:\Nero 9.2.6.0 + keymaker - anony014\Nero-9.2.6.0_update.exe Win32/Toolbar.AskSBar application
     
  21. 2010/10/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have to be more careful about what you download and from where!

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ajimavar.ini 
      C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\anapibun.ini 
      C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\enudamur.ini 
      C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ibakihew.ini 
      C:\C\$WINDOWS.~Q\DATA\Windows\SysWOW64\ufuyofeh.ini 
      C:\Users\he11bringer\Desktop\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)(Clean +Working Crack)\NAV2009_16.0.0.125_OEM902.exe 
      C:\Users\he11bringer\Desktop\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)(Clean +Working Crack)\Norton 2009 v16.0.0.125 (NAV + NIS) - Crack only\Norton_TrialReset_1.5V.exe 
      C:\Users\he11bringer\DoctorWeb\Quarantine\explorer.exe 
      C:\Users\he11bringer\DoctorWeb\Quarantine\nmchf__0.exe 
      C:\Users\he11bringer\Downloads\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)+crack.rar 
      C:\Users\he11bringer\Downloads\Microsoft Office 2010 PRO Plus ACTIVATED\Office2010.iso 
      D:\BACKUP\Norton Anti-Virus 2009 v16.0.0.125 (NAV & NIS)+crack.rar 
      D:\BACKUP\Microsoft Office 2010 PRO Plus ACTIVATED\Office2010.iso 
      D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 3.zip 
      D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 61.zip 
      D:\HE11BRINGER-PC\Backup Set 2010-10-17 190002\Backup Files 2010-10-17 190002\Backup files 62.zip 
      D:\Nero 9.2.6.0 + keymaker - anony014\Nero-9.2.6.0_update.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
