TechSpot

[Closed] Windows Security Center service could not be started

By signofzeta
Feb 12, 2012
  1. OK, I posted the exact same thing in the "BSOD" section of the forums, and if you don't think the whole "Windows Security couldn't start" thing is a cause of a virus, then you can close the one in the "BSOD" section of the forums and keep this one open. Anyway, here is what I have. I also want some lurking threats removed, if there are any.

    Malwarebytes:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.11.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    George :: GEORGEGAMINGPC [administrator]

    2/11/2012 4:27:20 PM
    mbam-log-2012-02-11 (16-27-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207254
    Time elapsed: 11 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    Gmer

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-12 08:41:23
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303
    Running: gtoqqskx.exe; Driver: C:\Users\George\AppData\Local\Temp\axdyqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 90493C5E ZwCreateSection
    SSDT 90493C68 ZwRequestWaitReplyPort
    SSDT 90493C63 ZwSetContextThread
    SSDT 90493C6D ZwSetSecurityObject
    SSDT 90493C72 ZwSystemDebugControl
    SSDT 90493BFF ZwTerminateProcess

    INT 0x51 ? 85B92BF8
    INT 0x52 ? 8749FBF8
    INT 0x62 ? 8749FBF8
    INT 0x72 ? 8749FBF8
    INT 0xB2 ? 85B92BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 215 830F4998 4 Bytes [5E, 3C, 49, 90] {POP ESI; CMP AL, 0x49; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 539 830F4CBC 4 Bytes [68, 3C, 49, 90]
    .text ntkrnlpa.exe!KeSetEvent + 56D 830F4CF0 4 Bytes [63, 3C, 49, 90] {ARPL [ECX+ECX*2], DI; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 5D1 830F4D54 4 Bytes [6D, 3C, 49, 90] {INSD ; CMP AL, 0x49; NOP }
    .text ntkrnlpa.exe!KeSetEvent + 619 830F4D9C 4 Bytes [72, 3C, 49, 90] {JB 0x3e; DEC ECX; NOP }
    .text ...
    ? System32\Drivers\spak.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 837CE41B 5 Bytes JMP 8749F1D8
    .text axf7xfon.SYS 8F575000 22 Bytes [82, C3, 01, 83, 6C, C2, 01, ...]
    .text axf7xfon.SYS 8F575017 84 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
    .text axf7xfon.SYS 8F57506C 52 Bytes [A0, EE, 08, 83, 98, EE, 0E, ...]
    .text axf7xfon.SYS 8F5750A1 29 Bytes [10, 0F, 83, 74, 06, 09, 83, ...]
    .text axf7xfon.SYS 8F5750BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[3116] SHELL32.dll!SHFileOperationW 762068E8 5 Bytes JMP 03651102 C:\Program Files\Unlocker\UnlockerHook.dll

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806966D6] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80696042] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80696800] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806960C0] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069613E] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A5E9C] \SystemRoot\System32\Drivers\spak.sys
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortNotification] CC358B04
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortUchar] 838F59AF
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F5980
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortStallExecution] 54771129
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortInitialize] B18D0502
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
    IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 865251F8
    Device \FileSystem\fastfat \FatCdrom 8B1FD1F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 865221F8
    Device \Driver\usbohci \Device\USBPDO-0 877341F8
    Device \Driver\usbohci \Device\USBPDO-1 877341F8
    Device \Driver\usbehci \Device\USBPDO-2 8765F500
    Device \Driver\PCI_PNP6875 \Device\00000055 spak.sys
    Device \Driver\netbt \Device\NetBT_Tcpip_{F30F37EC-794C-4650-A5AB-1880BB88B0BA} 87B8D1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 865221F8
    Device \Driver\volmgr \Device\HarddiskVolume2 865221F8
    Device \Driver\cdrom \Device\CdRom0 877351F8
    Device \Driver\sptd \Device\3005320884 spak.sys
    Device \Driver\volmgr \Device\HarddiskVolume3 865221F8
    Device \Driver\cdrom \Device\CdRom1 877351F8
    Device \Driver\cdrom \Device\CdRom2 877351F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 87B8D1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{A0BBAC67-483F-495C-AC61-DBB492CA07A9} 87B8D1F8
    Device \Driver\Smb \Device\NetbiosSmb 87E7C1F8
    Device \Driver\iScsiPrt \Device\RaidPort0 87751500
    Device \Driver\usbohci \Device\USBFDO-0 877341F8
    Device \Driver\usbohci \Device\USBFDO-1 877341F8
    Device \Driver\usbehci \Device\USBFDO-2 8765F500
    Device \Driver\axf7xfon \Device\Scsi\axf7xfon1 877C51F8
    Device \Driver\axf7xfon \Device\Scsi\axf7xfon1Port4Path0Target1Lun0 877C51F8
    Device \Driver\axf7xfon \Device\Scsi\axf7xfon1Port4Path0Target0Lun0 877C51F8
    Device \FileSystem\fastfat \Fat 8B1FD1F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\cdfs \Cdfs A3F7D1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d60c5c31d
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x43 0x1A 0xEB ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0xFD 0xC3 0xA7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xD0 0x71 0xC9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x4A 0xEA 0xBC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF9 0x28 0xF0 0xD9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5F 0x79 0xFD 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x43 0x1A 0xEB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0xFD 0xC3 0xA7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xD0 0x71 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x4A 0xEA 0xBC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF9 0x28 0xF0 0xD9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5F 0x79 0xFD 0x56 ...

    ---- Files - GMER 1.0.15 ----

    File C:\ADSM_PData_0150 0 bytes
    File C:\ADSM_PData_0150\DB 0 bytes
    File C:\ADSM_PData_0150\DB\SI.db 624 bytes
    File C:\ADSM_PData_0150\DB\UL.db 16 bytes
    File C:\ADSM_PData_0150\DB\VL.db 16 bytes
    File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
    File C:\ADSM_PData_0150\DB\_avt 512 bytes
    File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
    File C:\ADSM_PData_0150\_avt 512 bytes
    File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
    File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
    File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
    File C:\Windows\$NtUninstallKB56683$\1151941440 0 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412 0 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\@ 2048 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\bckfg.tmp 863 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\cfg.ini 185 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\keywords 26 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\L 0 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\L\qnbwvoto 75264 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U 0 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\80000000.@ 11264 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB56683$\26205412\U\80000032.@ 77312 bytes

    ---- EOF - GMER 1.0.15 ----
     
  3. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
    Run by George at 9:13:12 on 2012-02-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1226 [GMT -6:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\seagate\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATK Hotkey\MsgTranAgt.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Program Files\ATK Hotkey\WDC.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ATK Hotkey\HControlUser.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\System32\ASUSTPE.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\seagate\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
    mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
    mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
    mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
    mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MaxMenuMgr] "c:\seagate\freeagent status\StxMenuMgr.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{dc905847-d537-427f-bf91-47cc7accde58}\_DF3A81D17C478A2A6C60A5.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9} : DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA} : DhcpNameServer = 10.0.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\tkl96nqs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64242
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
    FF - plugin: c:\users\george\appdata\roaming\mozilla\plugins\npicaN.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-4-7 15416]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-31 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-31 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-31 110032]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-1-31 463824]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-31 74640]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 FreeAgentGoNext Service;Seagate Service;c:\seagate\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-19 5120]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-8 48128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe --> d:\dragonageorigins\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-1 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-7 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-31 14:10:07 -------- d-----w- c:\users\george\appdata\local\AskToolbar
    2012-01-31 14:04:14 -------- d-----w- c:\users\george\appdata\roaming\Avira
    2012-01-31 13:58:15 -------- d-----w- c:\program files\Ask.com
    2012-01-31 13:57:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-01-31 13:57:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-01-31 13:57:31 -------- d-----w- c:\programdata\Avira
    2012-01-31 13:57:31 -------- d-----w- c:\program files\Avira
    2012-01-17 13:43:20 -------- d-----w- c:\users\george\appdata\roaming\Kalaaf
    2012-01-17 13:43:20 -------- d-----w- c:\users\george\appdata\roaming\Appe
    .
    ==================== Find3M ====================
    .
    2012-02-11 15:21:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-02-09 09:56:42 189744 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-02-09 09:56:38 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-02-04 01:13:20 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-01-02 10:23:32 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
    .
    ============= FINISH: 9:14:21.03 ===============
     
  4. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    attach


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/7/2009 9:35:04 AM
    System Uptime: 2/11/2012 9:20:30 AM (24 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | F50SV
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU 1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 11.079 GiB free.
    D: is FIXED (NTFS) - 105 GiB total, 13.952 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP850: 2/11/2012 5:21:18 PM - Scheduled Checkpoint
    RP851: 2/12/2012 5:27:09 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader X (10.0.1)
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    ASUS CopyProtect
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS Power4Gear eXtreme
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Touch Pad Extra
    ASUS Virtual Camera
    Asus_Camera_ScreenSaver
    Atheros Client Installation Program
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    Avira Free Antivirus
    Avira SearchFree Toolbar plus Web Protection Updater
    BitComet 1.12
    Brink
    Call of Duty Modern Warfare 2
    CDBurnerXP
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix XenApp Web Plugin
    Company of Heroes
    CyberLink LabelPrint
    CyberLink Power2Go
    Dolby Control Center
    Doom 3
    Doom 3 (TM) Demo
    DOOM 3: Resurrection of Evil
    DOOM II: Hell on Earth
    DOSShell 1.4
    Dragon Age: Origins
    Explorer Suite III
    Express Gate
    Fallout 3
    Fallout Mod Manager 0.11.9
    Game Scanner
    Google Desktop
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HeXen: Deathkings of the Dark Citadel
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    LightScribe System Software 1.14.17.1
    Logitech Gaming Software
    Magic Online
    Magic: The Gathering - Duels of the Planeswalkers Demo
    Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvel(TM) - Ultimate Alliance
    MATLAB R2009b
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Chinese (Simplified)) 2007
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Help 更新 (KB963678)
    Microsoft Office Excel 2007 Help Actualización (KB963678)
    Microsoft Office Excel 2007 Help 更新程式 (KB963678)
    Microsoft Office Excel MUI (Chinese (Simplified)) 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office IME (Chinese (Simplified)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook 2007 Help 更新 (KB963677)
    Microsoft Office Outlook 2007 Help Actualización (KB963677)
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office Powerpoint 2007 Help 更新 (KB963669)
    Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
    Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
    Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (Chinese (Simplified)) 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Chinese (Simplified)) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (Chinese (Simplified)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007 Help 更新 (KB963665)
    Microsoft Office Word 2007 Help Actualización (KB963665)
    Microsoft Office Word 2007 Help 更新程式 (KB963665)
    Microsoft Office Word MUI (Chinese (Simplified)) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Card Reader
    NBA 2K11
    NBA 2K12
    NVIDIA Drivers
    NVIDIA PhysX
    Oblivion
    Oblivion - Horse Armor Pack
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - The Fighter's Stronghold
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion - Wizard's Tower
    OpenOffice.org 3.1
    Picasa 2
    PunkBuster Services
    Python 2.5.2
    Qtracker
    Quake 4(TM) Demo
    Quake Live Mozilla Plugin
    QuickTime
    Realtek High Definition Audio Driver
    Return to Castle Wolfenstein
    Return to Castle Wolfenstein Multiplayer DEMO
    Samsung SCX-4x21 Series
    SanctionedMedia
    Seagate Manager Installer
    SecureW2 EAP Suite 1.1.3 for Windows
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skulltag
    Skype Toolbars
    Skype™ 5.0
    Steam
    Synaptics Pointing Device Driver
    TextPad 4.7
    The Ultimate DOOM
    Unlocker 1.9.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    USB 2.0 1.3M UVC WebCam
    Vista Codec Package
    Warcraft II BNE
    Winamp
    WinDirStat 1.1.2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinFlash
    WinRAR archiver
    Wireless Console 2
    Wolfenstein
    Wolfenstein - Enemy Territory
    Wolfenstein 3D: Spear of Destiny
    Wolfenstein Demo
    Wolfenstein(TM) 1.1 Patch
    Wolfenstein(TM) 1.1 Patch
    Wolfenstein(TM) 1.2 Patch
    Wolfenstein(TM) 1.2 Patch
    Wolfenstein(TM) Demo
    wxPython 2.8.7.1 (ansi) for Python 2.5
    Xfire (remove only)
    YDKJ The 5th Dementia
    You Don't Know Jack - Sports 1.0
    You Don't Know Jack - Volume 2 1.0
    You Don't Know Jack - XL 1.0
    You Don't Know Jack 4 1.00
    YOU DON'T KNOW JACK Louder! Faster! Funnier!
    YOU DON'T KNOW JACK Offline
    YOU DON'T KNOW JACK Volume 3
    You Don't Know Jack®
    Yu-Gi-Oh! ONLINE 3
    .
    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You do have some malware. However, we will have to look further to determine the extent of it.

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===============================
    Please leave logs for Combofix and Eset scan in next reply.
    ==============================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
    =====================================
    I have deleted your other thread.
     
  6. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    ok, combofix didn't give me any logs, and it told me to restart the machine, which I did.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If it ran, there is a log.

    If you cannot find C:\Combofix.txt on your system, please update and run the program again.
     
  8. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    ok, I ran the program twice, and in both scenarios, it doesn't give me a log, nor does C:\ComboFix.txt exist.

    Combofix never told me to update the program, and when it started, it said it failed to get data from EnableLUA. And then it said that again. Then it created a system restore point, and backed up my registry. Then it started scanning.

    What happened is that it detected a Rootkit ZeroAccess, or whatever it was called, and when the scan was done, it rebooted the machine, because it had to deal with the rootkit, whether it was Zero Access or not, I don't know. When I went back in, it just rebooted normally, and ComboFix didn't run, nor did a txt file pop up.

    It could mean that there is another program that runs during startup, that is blocking the txt file from popping up.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this instead:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
     
  10. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    OTL


    OTL logfile created on: 2/12/2012 8:00:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
    6.19 Gb Paging File | 5.32 Gb Available in Paging File | 85.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 9.68 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
    Drive D: | 104.73 Gb Total Space | 13.79 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

    Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\ASScrPro.exe ()
    PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
    PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
    PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
    PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
    PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
    PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
    PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
    PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
    PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
    PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
    PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
    PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
    PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()
    MOD - C:\Windows\ASScrPro.exe ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (DAUpdaterSvc) -- File not found
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
    DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
    DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
    DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
    DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
    DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
    DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64242
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 14:51:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 01:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

    [2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
    [2012/01/31 07:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
    [2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/18 11:39:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
    [2012/01/31 08:12:36 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\toolbar@ask.com
    [2011/12/24 18:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\trash
    [2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/12/30 14:51:53 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/08 01:21:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 13:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
    O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
    O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
    O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/12 19:03:27 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/12 16:07:36 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2012/02/12 12:00:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/12 12:00:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/12 12:00:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/12 11:59:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
    [2012/01/31 08:04:14 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Avira
    [2012/01/31 07:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2012/01/31 07:57:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/01/31 07:57:32 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/01/31 07:57:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/01/31 07:57:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/01/30 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Help
    [2012/01/17 07:43:20 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Kalaaf
    [2012/01/17 07:43:20 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Appe
    [2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/02/12 19:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/12 19:51:45 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/02/12 19:51:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    [2012/02/12 19:50:59 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/02/12 19:50:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/12 19:50:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/12 19:50:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/12 19:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/12 19:50:11 | 3218,378,752 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/12 18:58:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/02/12 16:07:42 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/02/12 08:49:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
    [2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/03 19:13:20 | 000,139,904 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/01/31 07:58:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/01/24 17:22:27 | 000,009,391 | ---- | M] () -- C:\Users\George\Documents\propassign2.ods

    ========== Files Created - No Company Name ==========

    [2012/02/12 19:50:11 | 3218,378,752 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/12 12:00:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/12 12:00:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/12 12:00:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/12 12:00:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/12 12:00:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/31 07:58:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/01/24 17:22:24 | 000,009,391 | ---- | C] () -- C:\Users\George\Documents\propassign2.ods
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
    [2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
    [2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
    [2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
    [2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
    [2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
    [2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
    [2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
    [2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
    [2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
    [2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
    [2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
    [2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
    [2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
    [2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
    [2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
    [2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
    [2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
    [2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
    [2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
    [2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

    ========== LOP Check ==========

    [2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
    [2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
    [2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
    [2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
    [2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
    [2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
    [2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
    [2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
    [2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
    [2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
    [2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
    [2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
    [2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
    [2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
    [2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
    [2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
    [2012/02/12 18:58:01 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/02/12 08:49:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
    [2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2009/04/07 09:14:22 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
     
  11. signofzeta TS Rookie Topic Starter Posts: 107

    extras

    Extras

    OTL Extras logfile created on: 2/12/2012 8:00:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
    6.19 Gb Paging File | 5.32 Gb Available in Paging File | 85.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 9.68 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
    Drive D: | 104.73 Gb Total Space | 13.79 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

    Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1C52FC6D-DDA0-449B-AEC5-F633C4B46949}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2715E5D6-45F5-4BBE-86D5-1F9A9984E440}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{33B5BEBA-12C7-4903-AE27-BB2D5FABFC34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{3BEF2574-C28C-4BFD-9374-D61CB9CC40D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3C1537BE-4688-480B-A9E8-B999B0A3DC96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{523AAD6D-387E-4A19-A118-8B35BAD158B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6449DF27-1FB3-4E56-98CE-9BA8732E5B87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{73C8C21E-FDC3-4F52-970F-9B57D3EB678F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7B391E1E-0A9F-4EBC-9936-77F4780CFA3A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7D6E5446-50F3-4E4D-930B-3D16159720E5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7D72E679-15B5-4ADF-8E38-2F058E4F93E2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{928C903F-704E-469C-80C1-8AE46936C437}" = rport=139 | protocol=6 | dir=out | app=system |
    "{951805EC-CBCD-436C-8F56-0807A5D0938D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A63DA011-90A4-4A18-B707-4A11FAF221FD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AAD44075-0354-4B59-8A5C-1FDEC190A761}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AAF14C3A-7576-4ABE-BFDE-9209D1B935FC}" = lport=137 | protocol=17 | dir=in | app=system |
    "{ABE38D0C-98F6-4AEA-82DD-D7FDB2D6A03B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B364C00B-A361-44D3-86F7-4FF4F37B0CAE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B9979E35-E34A-4A9F-B64C-E54FD87CD377}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BB1AEF5B-9611-4FB6-B961-66C723989F47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D2776AAA-D99D-40E7-9600-EAA3B69B0709}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{000685FE-EA87-4B99-8350-6672F7F27E85}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
    "{01776907-0AB1-406F-A904-FD74E5D3A16C}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
    "{0223F631-6E6B-401C-83D4-4B1768893AA3}" = protocol=6 | dir=in | app=d:\skulltag\doomseeker.exe |
    "{02B190D6-5AD3-4FED-BB41-F3593C18945C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
    "{04B4A29E-0955-4755-9135-F7889428A1BB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{09477CEA-5A47-441F-9AF8-A0F1D3C9A8FF}" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mplite.exe |
    "{0AB1B388-8A00-4B51-99EF-D3E01056B544}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m1 - spear of destiny.bat |
    "{0AF7EF67-013F-4DA7-9458-54E25DA43F97}" = protocol=17 | dir=in | app=c:\games\wolfenstein\mp\wolf2mp.exe |
    "{0CD8E558-76BF-4FB1-9912-BEFB543AA75B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
    "{0DD81BE3-E19C-442C-A943-14C23F49D0C6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{113411AA-074E-4255-B959-6F7AA7255EF9}" = protocol=17 | dir=in | app=c:\program files\skulltag\skulltag.exe |
    "{1160D574-1955-4BA5-9449-CE374022D00E}" = protocol=6 | dir=in | app=c:\users\george\appdata\local\temp\7zs8552.tmp\symnrt.exe |
    "{12B98A7B-CC51-4D89-B293-4AD9B288C5A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{15721D59-C2A1-4FBB-9A1B-F9050B4B5065}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate + mouse.bat |
    "{1BCEA41F-E73A-4153-96FE-94CD6E678F86}" = protocol=6 | dir=in | app=d:\nba2k11\nba2k11.exe |
    "{208A909C-4AF2-41E3-8B45-D5455F506D83}" = protocol=17 | dir=in | app=d:\wizards of the coast\magic online\renamer.exe |
    "{2123ACEC-B5D0-4874-8138-D89BF1C548B8}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
    "{22864F72-EFEB-491E-A32E-0FC45761C956}" = protocol=6 | dir=in | app=c:\program files\skulltag\skulltag.exe |
    "{24AB5BB1-6FB3-44B0-B384-862C6EFC43BD}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m1 - spear of destiny.bat |
    "{252BC8B1-9495-42A2-8087-A70B578B630E}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "{26184C19-4422-42C9-BB67-EE4E75DCA211}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m3 - ultimate challenge.bat |
    "{28D1BFB1-F1D2-4415-8279-DC92B8CE7EE5}" = protocol=6 | dir=in | app=c:\games\wolfenstein\mp\wolf2mp.exe |
    "{2F2178D1-12B1-4FD6-86AD-C3B7F947FAE3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
    "{34B5337F-929B-4DD3-858A-7501698FEEDA}" = protocol=17 | dir=in | app=d:\skulltag\rcon_utility.exe |
    "{369E3C2F-B938-4297-88FA-AA39435457E3}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
    "{36D4114C-5CAE-431D-BEFB-9B6BEA514931}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
    "{36E69257-9DB6-4F83-B930-551EEC4C3455}" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
    "{3B3469FF-E83E-4903-9B19-0C168D3E1876}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate.bat |
    "{3DDF8654-51E3-4E8B-A19F-397685073C26}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{3F731AB9-1A15-4EE0-B4EE-4F042275F43B}" = protocol=17 | dir=in | app=c:\games\wolfenstein\mp\wolf2mplite.exe |
    "{4055C909-81C2-4F9F-A7FD-EDE4E98D7353}" = protocol=17 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
    "{446A5703-3069-42F4-B3E9-C86ACFD0B9F5}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
    "{4597D26C-E198-4DAA-848D-C5EA166EB8E9}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m2 - return to danger.bat |
    "{4FCE69AF-75BD-4342-8A1A-01BD794D1DCD}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\dotp demo\dotp.exe |
    "{54058D50-0E31-4105-BE17-6ACFB7F81B50}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2 + mouse.bat |
    "{5D673323-97E1-417F-AC52-68E81C582E7E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hexen\hexen.bat |
    "{5E9F1C3F-64D5-46BA-B369-D6F246661626}" = protocol=6 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
    "{62EBEA82-D4CC-4596-ACA8-A439E4E3073F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{64A49419-4BB8-43FA-AA21-0A2E62B1ECF7}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2 + mouse.bat |
    "{67273900-A25D-4939-8D58-DCBB2125A6AC}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
    "{675A5E52-8974-49A3-8C95-D7733CEDDEC9}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\dotp demo\dotp.exe |
    "{6A5EA69D-D515-44F5-9FDF-82B305B25D4B}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{6E04EFE9-9188-40F8-93D6-5FF80434C490}" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mplite.exe |
    "{70E77C02-AA0D-4522-86DE-BE06E8714F5E}" = protocol=6 | dir=in | app=c:\games\wolfenstein\mp\wolf2mplite.exe |
    "{76636E90-2644-4E9E-855F-0F481BDB9A2C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hexen\hexen.bat |
    "{7718183D-2C88-4A0D-A03F-8521766FBB76}" = protocol=6 | dir=in | app=d:\konami\yu-gi-oh! online 3\yo3.exe |
    "{7B6B767A-CEC3-4B76-9419-7A95A9432BC2}" = protocol=17 | dir=in | app=c:\program files\skulltag\idese.exe |
    "{7D85B3B3-1264-4417-8A86-86AEEDEAF4B0}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\master levels of doom\master.bat |
    "{7E495C3F-5851-4E38-9ADD-903C8DAC3D3B}" = protocol=17 | dir=in | app=c:\users\george\appdata\local\temp\7zs8552.tmp\symnrt.exe |
    "{7EF73771-639B-4635-A4E9-27A170618D1D}" = protocol=17 | dir=in | app=d:\skulltag\doomseeker.exe |
    "{810D0179-88D9-49DD-8CEE-70E63A8EC912}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe |
    "{82959583-A305-455B-8E18-4D77EB59CBAC}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daorigins.exe |
    "{8568C7C9-92AA-4E92-B8FF-A45F67963803}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe |
    "{913B5E1C-9E40-4282-9FB1-73FE31BA0DAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{94E41FCD-27A8-498A-A1DB-02DCDE19FDFC}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
    "{975125B1-DCD2-46F9-8628-F4D7EAC71B26}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "{9BF6840C-BB36-4424-A867-ED0A5CF48934}" = protocol=17 | dir=in | app=d:\nba2k12\nba2k12.exe |
    "{9F0C9EC9-984D-4AF0-9280-DBEEDEB0C953}" = protocol=6 | dir=in | app=d:\wizards of the coast\magic online\renamer.exe |
    "{9FB00EC0-D87D-4657-ABC0-10F74614EDEE}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
    "{A22E20BB-A2EA-40DD-AA9E-0185185EB370}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{A27337F0-8C66-41CD-989F-80EFE6BB99C2}" = protocol=6 | dir=in | app=d:\nba2k12\nba2k12.exe |
    "{A950A53C-83A0-4384-9A50-898A433E9D7D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{AF6AAC97-E91D-478E-A8DA-2033D3BCB338}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daorigins.exe |
    "{B213DD36-EE45-4EF7-BE00-D2740CA46036}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BB26310A-F91E-47CE-81F8-323020574515}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\daoriginslauncher.exe |
    "{C0B8D2A3-22B6-49B5-BEF3-DA76E5A31B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{C0D017BC-3646-4A0C-A4E9-644D9A3211CB}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m2 - return to danger.bat |
    "{C31993E7-5811-4C6A-B648-8B2D97FD3075}" = protocol=17 | dir=in | app=d:\nba2k11\nba2k11.exe |
    "{C584ABAF-C2CF-4330-B37A-A6856DFE7D99}" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
    "{C5BBE8AC-5694-4B2C-ABD9-EBBD80D7C074}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate + mouse.bat |
    "{CACDFB28-B598-45A9-A88E-164D38241DBC}" = protocol=6 | dir=in | app=c:\program files\skulltag\idese.exe |
    "{CCAA94D7-7A59-41D8-AEAC-CA24EAEC7F8B}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m3 - ultimate challenge.bat |
    "{CD643205-70B3-4002-89DD-9B2957120210}" = protocol=17 | dir=in | app=d:\skulltag\skulltag.exe |
    "{D3BE4C43-B145-4630-85FF-EF31428D4A01}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{D73E67E9-7D9C-4630-BFF3-8122003E5F83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DABCA86D-DD05-4FF2-960F-127D509E965A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{DBC02AFF-8846-4140-993B-BDF17C83CD5E}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate.bat |
    "{E5AE9367-DAB8-4FA3-B155-DE86FAE54050}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
    "{E7346F7D-E524-4D2C-9FD8-D9FB8692D008}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E8D864F9-55AD-48BF-85C0-A39F049C2978}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
    "{EA454E6C-01FA-4ABE-9920-25C5AF60903B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
    "{EFB18910-4A4D-4AA9-941D-6C1B587CB67C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F0BB3C6A-052C-45A5-8C00-8CFEFB21656D}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
    "{F68DF5A2-31FA-48E9-B2FB-7457CDC6D0DA}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\daoriginslauncher.exe |
    "{F79A0C99-BA32-4A60-BBD8-08F05E5B686D}" = protocol=17 | dir=in | app=d:\konami\yu-gi-oh! online 3\yo3.exe |
    "{FD109E64-3608-489D-A361-7357EF0861E7}" = protocol=6 | dir=in | app=d:\skulltag\skulltag.exe |
    "{FD7288DD-AE1C-4CDF-A320-CD7E0B324409}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\master levels of doom\master.bat |
    "{FF2B20FD-5215-4520-A723-37C9A43CD72F}" = protocol=6 | dir=in | app=d:\skulltag\rcon_utility.exe |
    "TCP Query User{00D683F9-FE1E-44A6-AF02-AD0B7CD95341}D:\nba2k12\nba2k12.exe" = protocol=6 | dir=in | app=d:\nba2k12\nba2k12.exe |
    "TCP Query User{062F84E9-9E46-477C-BADD-291D4E51409C}C:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
    "TCP Query User{09ADFD79-A5AA-4797-8162-7AAB42CFC222}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
    "TCP Query User{1F3AD01D-CF2E-43F8-B302-D5007C92E851}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
    "TCP Query User{309069FB-340B-488E-83EB-A7EBDAB86165}D:\hexen ii\glh2.exe" = protocol=6 | dir=in | app=d:\hexen ii\glh2.exe |
    "TCP Query User{32134200-A217-49A8-A29E-5A0BF3F5ABE6}C:\users\george\desktop\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\downloads\mtgoiii_helper.exe |
    "TCP Query User{34629EC6-7430-4B5D-88B1-6AD75E352E4E}D:\mlb2k10\mlb2k10.exe" = protocol=6 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
    "TCP Query User{3EFA445E-1D3B-4A06-A84D-CC2DDCE84827}C:\games\activision\wolfenstein\mp\wolf2mp.exe" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
    "TCP Query User{40F24C01-D5D8-40A9-834A-E71CBB2D9BBD}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
    "TCP Query User{4491A7CE-A668-4214-BB89-7630E587A2B6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{50990E6B-96DA-47B3-871B-33AB25EA2B7A}C:\games\dosbox-0.72\dosbox.exe" = protocol=6 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
    "TCP Query User{5944C578-6887-4976-88D1-74D546FEFB82}C:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "TCP Query User{75CF8A23-A118-4127-937A-EF6B08C46358}C:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe |
    "TCP Query User{7705D527-659B-42A5-9427-DA1B3410BA6A}D:\hexen ii\h2.exe" = protocol=6 | dir=in | app=d:\hexen ii\h2.exe |
    "TCP Query User{792B1EE1-9E36-411A-82B6-66DFF6D086C8}D:\ettest\et.exe" = protocol=6 | dir=in | app=d:\ettest\et.exe |
    "TCP Query User{79F8603D-F03F-4838-96FB-168B4E979676}D:\nba2k11\nba2k11.exe" = protocol=6 | dir=in | app=d:\nba2k11\nba2k11.exe |
    "TCP Query User{7E6460C1-E24A-4661-AA0B-24F0AE19565E}J:\cod6\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=j:\cod6\modern warfare 2\iw4mp.exe |
    "TCP Query User{82FA3BAF-B241-4EFE-899D-678B6F95D89A}C:\games\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
    "TCP Query User{85BFDA00-6DDF-4891-BA51-881FFCBEDD4A}D:\mlb2k10\mlb2k10.exe" = protocol=6 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
    "TCP Query User{8A307CBB-7F54-4AD8-A0FA-0CFC19223CAE}C:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe |
    "TCP Query User{8E641C46-A7C7-4119-8352-E804A32CB902}C:\games\dosbox-0.72\dosbox.exe" = protocol=6 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
    "TCP Query User{96C3B9BB-D7D6-4DF1-BEEF-64FE25D1A2C0}C:\games\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\games\qtracker\qtracker.exe |
    "TCP Query User{9931F14C-263F-47BD-8C62-08EF9C3A2B3E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{9A732FF6-40BC-405D-86D5-EA2C86566351}C:\games\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\games\qtracker\qtracker.exe |
    "TCP Query User{9FA372C9-DAD8-4638-B3D3-34D78824F68D}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
    "TCP Query User{A5EA80BB-C7AD-4648-9F6F-CBFCF06B9199}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
    "TCP Query User{A5EDD018-2366-4AF1-99A2-C4B46C6CD946}D:\hexen ii\glh2.exe" = protocol=6 | dir=in | app=d:\hexen ii\glh2.exe |
    "TCP Query User{A72D29C0-9DAD-4958-A0D3-0607FCADE457}D:\hexen ii\h2.exe" = protocol=6 | dir=in | app=d:\hexen ii\h2.exe |
    "TCP Query User{A77E5F80-BD35-48FD-9B72-CC835E491BAC}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
    "TCP Query User{AE3F1EFC-E778-4279-9A77-4AB802D02AC2}D:\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=d:\id software\quake 4\quake4.exe |
    "TCP Query User{AE586299-ED41-4518-864E-53F34961DF4B}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
    "TCP Query User{B26773D8-9067-454B-B9B9-913DCA79239A}C:\games\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\games\xfire\xfire.exe |
    "TCP Query User{CD04A516-9A12-4DE0-B2B6-0C5F82C50250}D:\doom 3\doom3.exe" = protocol=6 | dir=in | app=d:\doom 3\doom3.exe |
    "TCP Query User{CF42FFB3-510A-4EAB-95B2-6D9FEF9D5A8C}C:\games\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
    "TCP Query User{CF9158E6-2364-4D79-8E2C-10249D74A255}C:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
    "TCP Query User{D96AE54B-1A4D-4052-AE93-CC850A5B3AA6}C:\users\george\desktop\idshit\quake\winquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\winquake.exe |
    "TCP Query User{DF48CF8E-2701-4DE2-992E-B07B7DD5F67D}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
    "TCP Query User{E605BED4-1A75-4D8B-A9AA-7A348192EAAB}C:\games\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
    "TCP Query User{E74E60D0-3F75-441A-931F-0F2998D63D55}D:\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=d:\id software\quake 4\quake4.exe |
    "TCP Query User{F1020CD4-5EFC-4F52-A9C0-BDC6C88BEBB1}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{FCC6AB71-540F-42AE-BDA6-F9479BBCE58F}C:\games\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
    "UDP Query User{07DAF760-F849-4863-8678-DB21DAE9EA0C}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
    "UDP Query User{0D9B634E-4084-4E82-8CAD-5EACE2A0A7C5}D:\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=d:\id software\quake 4\quake4.exe |
    "UDP Query User{1D2C8246-6BE4-4523-BB54-203DE5815079}C:\games\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
    "UDP Query User{20F622D5-187D-4039-A06E-BBD6D5FD0AC8}D:\hexen ii\glh2.exe" = protocol=17 | dir=in | app=d:\hexen ii\glh2.exe |
    "UDP Query User{22460C3A-BDF4-4C27-8743-6294B70EC849}C:\games\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\games\qtracker\qtracker.exe |
    "UDP Query User{22881079-30E4-4E8E-96D9-AAB92E46197C}C:\games\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
    "UDP Query User{26976855-4CC5-4B02-B3D5-B178249D89C9}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
    "UDP Query User{2B08316F-C828-41F1-B237-A66C19055501}C:\games\activision\wolfenstein\mp\wolf2mp.exe" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
    "UDP Query User{2B370AAA-87C3-46E0-A0AF-ECBE14AD756B}C:\games\dosbox-0.72\dosbox.exe" = protocol=17 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
    "UDP Query User{2B38668D-8A62-4A07-AF32-23D45D8B91D1}C:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "UDP Query User{2D7BDA37-0D7C-466D-B589-B3BBE734CF6C}D:\hexen ii\h2.exe" = protocol=17 | dir=in | app=d:\hexen ii\h2.exe |
    "UDP Query User{2FE09D1F-FF06-4EA0-902E-91DDE950AFB0}C:\games\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\games\xfire\xfire.exe |
    "UDP Query User{377BE283-43C5-49A1-B1C9-0520143D9D64}C:\games\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
    "UDP Query User{4015FC85-F597-4433-8941-74299802E4F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{46178AE0-8CFF-4802-9418-F31B56283EEE}D:\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=d:\id software\quake 4\quake4.exe |
    "UDP Query User{5835CF64-0C0A-4F27-85F5-5100396E1FDF}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
    "UDP Query User{5F185BC2-1AC2-4F45-8FF4-194F79E89AC4}D:\nba2k11\nba2k11.exe" = protocol=17 | dir=in | app=d:\nba2k11\nba2k11.exe |
    "UDP Query User{60A8861B-3C4A-4342-B29E-0AD74BE3707B}C:\games\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\games\qtracker\qtracker.exe |
    "UDP Query User{6F2A0FD8-832B-40FD-8F75-71C867EAF0E1}D:\ettest\et.exe" = protocol=17 | dir=in | app=d:\ettest\et.exe |
    "UDP Query User{7CFB5BB4-B580-48D9-9A71-90DB812C3458}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
    "UDP Query User{8226B16C-ECCD-49DE-A59B-DBF4FBDD9E86}C:\users\george\desktop\idshit\quake\winquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\winquake.exe |
    "UDP Query User{90B74E90-85CA-4F39-8262-2E457128864B}D:\mlb2k10\mlb2k10.exe" = protocol=17 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
    "UDP Query User{96FAE123-6341-49F5-8333-7E648F7794B4}D:\mlb2k10\mlb2k10.exe" = protocol=17 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
    "UDP Query User{9EC55D56-3425-4F7B-9EB4-FCF53F12CADE}C:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
    "UDP Query User{A313CFB5-E253-45B5-A2B7-AEC240F53BC3}D:\hexen ii\h2.exe" = protocol=17 | dir=in | app=d:\hexen ii\h2.exe |
    "UDP Query User{A36E3382-79B9-4A19-B351-B5099A8FB617}C:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe |
    "UDP Query User{A5B890A7-54A9-41E5-8195-DCF1956FE1A1}J:\cod6\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=j:\cod6\modern warfare 2\iw4mp.exe |
    "UDP Query User{AB79DB8D-73EC-4CB4-A105-AA9B5C241AB5}C:\users\george\desktop\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\downloads\mtgoiii_helper.exe |
    "UDP Query User{AFA8B614-A4F8-4858-878A-5CC27A94A94A}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
    "UDP Query User{B2F7DCB6-4E5A-45BA-AA65-F18324CCEC7E}C:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
    "UDP Query User{B82B3A9C-C78F-43E9-A4D3-A39EB74094F4}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
    "UDP Query User{BBCE773A-2A1A-4ED9-B654-F166B3DB7DDF}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{BFF60B0B-9DDB-4771-87C7-E584C9E2D601}C:\games\dosbox-0.72\dosbox.exe" = protocol=17 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
    "UDP Query User{C53DFB45-670B-43A7-BA25-AA8137FFBA4E}C:\games\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
    "UDP Query User{CCE2EC6C-FD65-4561-95A9-AC2DBC2ADC08}D:\hexen ii\glh2.exe" = protocol=17 | dir=in | app=d:\hexen ii\glh2.exe |
    "UDP Query User{CD351BF9-D7C7-493A-8638-82D4846F759E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{D4CCDCA0-C960-4564-B32A-5328B4054367}D:\nba2k12\nba2k12.exe" = protocol=17 | dir=in | app=d:\nba2k12\nba2k12.exe |
    "UDP Query User{D8B4389E-2F96-4713-81CB-45AF186CDB9F}D:\doom 3\doom3.exe" = protocol=17 | dir=in | app=d:\doom 3\doom3.exe |
    "UDP Query User{DF243BF6-7ABF-4358-A5A0-EC5482877173}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
    "UDP Query User{E7FD5DB0-D8DA-497C-A6D7-148A094E3BD7}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
    "UDP Query User{F065198F-DECA-49E2-8E4A-33716D51994E}C:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe |
     
     
  12. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    extras

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F3C61B5-3051-4DE6-8A6A-45100BCC1F41}" = Dolby Control Center
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1E3A9C30-6399-4293-AEAD-3C6A4D6F927C}" = Express Gate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
    "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76CDF9C3-2863-4EB3-88AB-11BBFC346CE4}" = Game Scanner
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
    "{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2007
    "{90120000-0015-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    "{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
    "{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    "{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
    "{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    "{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
    "{90120000-0019-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    "{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
    "{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
    "{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
    "{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
    "{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
    "{90120000-001F-0804-0000-0000000FF1CE}_PROHYBRIDR_{82E853AD-6911-4EA9-9EB0-2F9BE7747878}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
    "{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
    "{90120000-0028-0804-0000-0000000FF1CE}_PROHYBRIDR_{4029CB10-E410-41AD-BB3F-052C95243407}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    "{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
    "{90120000-006E-0804-0000-0000000FF1CE}_PROHYBRIDR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
    "{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
    "{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
    "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
    "{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE75C837-4BA9-4CF8-B912-C3ED5BD0EAAC}" = You Don't Know Jack®
    "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
    "{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
    "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
    "{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "BitComet" = BitComet 1.12
    "Brink_is1" = Brink
    "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
    "Doom 3 (TM) Demo" = Doom 3 (TM) Demo
    "DOSShell" = DOSShell 1.4
    "Explorer Suite_is1" = Explorer Suite III
    "Fallout Mod Manager_is1" = Fallout Mod Manager 0.11.9
    "Google Desktop" = Google Desktop
    "InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo
    "InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
    "InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
    "InstallShield_{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo
    "InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MatlabR2009b" = MATLAB R2009b
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa2" = Picasa 2
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PunkBusterSvc" = PunkBuster Services
    "Qtracker" = Qtracker
    "Return to Castle Wolfenstein Multiplayer DEMO" = Return to Castle Wolfenstein Multiplayer DEMO
    "Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
    "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "Skulltag" = Skulltag
    "Steam App 2280" = The Ultimate DOOM
    "Steam App 2300" = DOOM II: Hell on Earth
    "Steam App 2370" = HeXen: Deathkings of the Dark Citadel
    "Steam App 49460" = Magic: The Gathering - Duels of the Planeswalkers Demo
    "Steam App 49480" = Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
    "Steam App 9000" = Wolfenstein 3D: Spear of Destiny
    "Steam App 9010" = Return to Castle Wolfenstein
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Unlocker" = Unlocker 1.9.0
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
    "USB Mass Storage Filter Driver" = Multimedia Card Reader
    "Warcraft II BNE" = Warcraft II BNE
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
    "Xfire" = Xfire (remove only)
    "YDKJ LFF" = YOU DON'T KNOW JACK Louder! Faster! Funnier!
    "YDKJ Offline" = YOU DON'T KNOW JACK Offline
    "YDKJ The 5th Dementia" = YDKJ The 5th Dementia
    "You Don't Know Jack - Sports" = You Don't Know Jack - Sports 1.0
    "You Don't Know Jack - Volume 2" = You Don't Know Jack - Volume 2 1.0
    "You Don't Know Jack - XL" = You Don't Know Jack - XL 1.0
    "You Don't Know Jack 4" = You Don't Know Jack 4 1.00
    "YOU DON'T KNOW JACK Volume 3" = YOU DON'T KNOW JACK Volume 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
    "Smad" = SanctionedMedia
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/24/2012 4:31:06 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/26/2012 3:20:44 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/27/2012 10:31:00 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/27/2012 5:27:04 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/28/2012 1:33:46 PM | Computer Name = GeorgeGamingPC | Source = Application Error | ID = 1000
    Description = Faulting application WolfMP.exe, version 0.0.0.0, time stamp 0x3dbd5b83,
    faulting module Steam.dll_unloaded, version 0.0.0.0, time stamp 0x4edec8a1, exception
    code 0xc0000005, fault offset 0x301f36f2, process id 0x1304, application start time
    0x01ccdde2f4f13690.

    Error - 1/29/2012 2:03:14 PM | Computer Name = GeorgeGamingPC | Source = EventSystem | ID = 4609
    Description =

    Error - 1/29/2012 2:03:39 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/29/2012 5:29:45 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/31/2012 9:47:02 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/31/2012 9:50:47 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/23/2009 9:59:41 PM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/26/2009 8:01:03 AM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/26/2009 8:01:33 AM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/28/2009 10:02:42 PM | Computer Name = GeorgeGamingPC | Source = HTTP | ID = 15016
    Description =

    Error - 7/28/2009 10:05:48 PM | Computer Name = GeorgeGamingPC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 7/29/2009 12:11:38 PM | Computer Name = GeorgeGamingPC | Source = HTTP | ID = 15016
    Description =

    Error - 7/29/2009 12:12:24 PM | Computer Name = GeorgeGamingPC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 7/30/2009 2:15:26 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
    Description =

    Error - 7/30/2009 2:46:31 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
    Description =

    Error - 7/30/2009 3:22:29 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    OTL Custom Scan Fixes

    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      [2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
      O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
      O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
      O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
      [2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =======================================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader> Current is vX(10.xx)> Adobe Reader Update
    Java(TM)> Current is v6u30> Java Updates.
    Uninstall any earlier versions of both, as they are vulnerabilities for the system.
    =========================================
    Combofix is on the system
    If you can't find the log:

    1. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    2. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    3. Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
     
  14. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    I am running the OTL fix now, but a pop up message says that it couldn't create a hosts file, with an OK button on it, which I clicked anyway, and now it is stuck at resetting hosts file. Is this normal, I mean, does it take this long?
     
  15. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    OTL is still resetting HOSTS file even after 10 hours. I think there is something wrong.
     
  16. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    Still stuck at "resetting HOSTS file" do not interrupt...
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, the host file is missing and I had a command in the OTL fix to 'reset the host file'. Close the OTL Fix you have running and redo with host command removed as follows:

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      [2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
      O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
      O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
      O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
      O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
      [2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ===================================================
    There is a proxy running. To disable the proxy:
    Internet Explorer
    1. Under "Tools" in the browser tool bar select "Internet Options".
    2. In the "Internet Options" window that pops up, click the "Connections" tab at the top.
    3. Click "LAN Settings" near the bottom of the "Connections" section.
    4. If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
    5. Click "OK" to close the "Local Area Network (LAN) Settings" window.
    6. Click "OK" to close the "Internet Options" window.
    7. You have completed removing the proxy settings for Internet Explorer.
    Firefox
    1. Under "Tools" in the browser tool bar select "Options".
    2. In the "Options" window that pops up, click the "Advanced" tab at the top.
    3. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area.
    4. If "No proxy" isn't selected, click it to mark "No proxy" as your preference
    ====================================================
    You have several entries for the AskBar. Users usually get it from a bundle in a program or it's pre-checked on a download screen. I've put the entries I've seen in OTL, but you will also need to uninstall it.

    You can easily uninstall the Toolbar using the instructions below for Windows Vista:

    1. Close all open Web browsers
    2. From the "Start" menu in Windows, select "Control Panel"
    3. Under the "Programs" icon, select "Uninstall a program"
    4. Select the program with the Ask logo and the text "Ask Toolbar" (or our partner’s brand for a custom Toolbar)
    5. Click "Uninstall" and then "Continue" to remove the Toolbar

    If you reopen your Web browser and still see the Toolbar, you may need to restart your computer for the uninstall process to be completed.

    Please use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the program folder and do a right click> Delete
    ================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save log and include in next reply.
    • A reboot is required after disinfection.
    ========================================
    Please uninstall the Combofix on the system and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Allow update if asked.
    Continue on if advised of rootkit and/or asks for reboot
    ------
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
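
Added example, not part of the original posts and not OTL's own code: a Python check that reads an OTL quick-scan log and reports whether the proxy steps above took effect, whether the hosts file is still missing, and which entries point at missing files. The sample lines are constructed in the log format shown in this thread; the function names are hypothetical.

```python
import re

# Constructed sample lines in the OTL quick-scan log format (not from a real machine).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.type: 0
Hosts file not found
SRV - (ExampleSvc) -- File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe /nogui File not found
O4 - HKLM..\Run: [Other] C:\Program Files\Other\other.exe (Other Corp)
'''

# Firefox network.proxy.type values; only 1 makes the http/http_port prefs take effect.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
                  4: "auto-detect", 5: "system settings"}

IE_PROXY = re.compile(r'^IE - (HK\w+)\\.*Internet Settings: "ProxyEnable" = (\d+)$')
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): "?([^"]*)"?$')
ORPHAN = re.compile(r'^(?:O\d+|SRV|DRV|FF) - (.*?)\s*(?:--\s*)?File not found$')


def parse_otl(text):
    """Collect proxy settings, hosts-file status and orphaned entries from a log."""
    found = {"ie_proxy": {}, "ff_proxy": {}, "hosts_missing": False, "orphans": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Hosts file not found":
            found["hosts_missing"] = True
        elif m := IE_PROXY.match(line):
            found["ie_proxy"][m.group(1)] = int(m.group(2))   # hive -> 0 or 1
        elif m := FF_PROXY.match(line):
            found["ff_proxy"][m.group(1)] = m.group(2)        # pref suffix -> value
        elif m := ORPHAN.match(line):
            found["orphans"].append(m.group(1))               # entry whose file is gone
    return found


def triage(found):
    """Turn parsed findings into short notes for the next reply."""
    notes = []
    for hive, enabled in sorted(found["ie_proxy"].items()):
        if enabled:
            notes.append(f"IE proxy still enabled in {hive}")

    ff = found["ff_proxy"]
    ff_type = int(ff["type"]) if ff.get("type", "").isdigit() else None
    endpoint = f'{ff.get("http", "?")}:{ff.get("http_port", "?")}'
    if ff_type == 1:
        notes.append(f"Firefox manual proxy active: {endpoint}")
    elif ff_type in (2, 4, 5):
        notes.append(f"Firefox proxy mode is '{FF_PROXY_TYPES[ff_type]}', review it")
    elif ff_type == 0 and "http" in ff:
        # Host and port stay in prefs.js after "No proxy" is selected.
        notes.append(f"Firefox proxy off; leftover endpoint {endpoint} is inactive")
    elif ff_type is None and "http" in ff:
        notes.append(f"Firefox proxy endpoint {endpoint} set, type not in log")

    if found["hosts_missing"]:
        notes.append("hosts file missing")
    if found["orphans"]:
        notes.append(f'{len(found["orphans"])} entries point at missing files')
    return notes


if __name__ == "__main__":
    for note in triage(parse_otl(SAMPLE_LOG)):
        print(note)
```
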
     
  18. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    OTL

    OTL logfile created on: 2/17/2012 3:04:24 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.70% Memory free
    6.19 Gb Paging File | 5.06 Gb Available in Paging File | 81.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 10.70 Gb Free Space | 9.19% Space Free | Partition Type: NTFS
    Drive D: | 104.73 Gb Total Space | 13.46 Gb Free Space | 12.85% Space Free | Partition Type: NTFS

    Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\ASScrPro.exe ()
    PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS)
    PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
    PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
    PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
    PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
    PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
    PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
    PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
    PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
    PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
    PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
    PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
    PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
    PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files\Winamp\winampa.exe ()
    MOD - C:\Windows\ASScrPro.exe ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
    MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
    MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
    MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (DAUpdaterSvc) -- File not found
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
    SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
    DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
    DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
    DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
    DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
    DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
    DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64242
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 14:51:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 20:16:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

    [2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
    [2012/01/31 07:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
    [2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/18 11:39:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
    [2012/01/31 08:12:36 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\toolbar@ask.com
    [2011/12/24 18:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\trash
    [2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/12/30 14:51:53 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/08 01:21:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 13:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
    O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
    O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
    O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/16 20:16:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/12 19:03:27 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/02/12 16:07:36 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2012/02/12 12:00:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/12 12:00:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/12 12:00:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/12 11:59:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/31 08:04:14 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Avira
    [2012/01/31 07:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/01/31 07:57:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/01/31 07:57:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/01/31 07:57:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/01/31 07:57:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/01/30 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Help
    [2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/02/17 14:59:36 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/02/17 14:57:25 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/02/17 14:57:25 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    [2012/02/17 14:57:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/17 14:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 14:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 14:56:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/17 14:56:51 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/17 14:55:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/02/17 13:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/16 20:10:22 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
    [2012/02/16 20:09:08 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/02/12 16:07:42 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
    [2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/03 19:13:20 | 000,139,904 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/01/31 07:58:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/01/24 17:22:27 | 000,009,391 | ---- | M] () -- C:\Users\George\Documents\propassign2.ods

    ========== Files Created - No Company Name ==========

    [2012/02/12 19:50:11 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/12 12:00:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/12 12:00:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/12 12:00:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/12 12:00:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/12 12:00:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/31 07:58:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/01/24 17:22:24 | 000,009,391 | ---- | C] () -- C:\Users\George\Documents\propassign2.ods
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
    [2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
    [2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
    [2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
    [2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
    [2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
    [2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
    [2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
    [2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
    [2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
    [2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
    [2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
    [2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
    [2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
    [2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
    [2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
    [2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
    [2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
    [2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
    [2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
    [2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
    [2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
    [2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

    ========== LOP Check ==========

    [2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
    [2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
    [2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
    [2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
    [2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
    [2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
    [2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
    [2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
    [2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
    [2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
    [2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
    [2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
    [2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
    [2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
    [2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
    [2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
    [2012/02/17 14:55:36 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/02/16 20:10:22 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

    ========== Purity Check ==========



    < End of report >
     
  19. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    I couldn't find any program that is related to the Ask thing. It isn't even listed in Add/Remove Programs, which in my case is called "Programs and Features".

    I haven't gone to the TDSSKiller step yet.

    So should I skip the remove Ask thing, and go straight to TDSSKiller?
     
  20. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    Ok, I managed to get rid of the askbar. Now every time I run TDSSKiller and do a scan, it detects something, and I tell it to "copy to quarantine", which is one of the 3 options, the others being skip and delete. When I do that, the program goes back to the initial "start scan" screen, and it doesn't give me a log.

    Ok, never mind, what I did was click on the "report" button, and it gave me this.

    TDSSKiller report

    01:26:57.0395 1904 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    01:26:57.0786 1904 ============================================================
    01:26:57.0786 1904 Current date / time: 2012/02/18 01:26:57.0786
    01:26:57.0786 1904 SystemInfo:
    01:26:57.0786 1904
    01:26:57.0786 1904 OS Version: 6.0.6002 ServicePack: 2.0
    01:26:57.0786 1904 Product type: Workstation
    01:26:57.0786 1904 ComputerName: GEORGEGAMINGPC
    01:26:57.0786 1904 UserName: George
    01:26:57.0786 1904 Windows directory: C:\Windows
    01:26:57.0786 1904 System windows directory: C:\Windows
    01:26:57.0786 1904 Processor architecture: Intel x86
    01:26:57.0787 1904 Number of processors: 2
    01:26:57.0787 1904 Page size: 0x1000
    01:26:57.0787 1904 Boot type: Normal boot
    01:26:57.0787 1904 ============================================================
    01:26:59.0759 1904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    01:26:59.0761 1904 \Device\Harddisk0\DR0:
    01:26:59.0762 1904 MBR used
    01:26:59.0762 1904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360
    01:26:59.0791 1904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
    01:26:59.0927 1904 Initialize success
    01:26:59.0927 1904 ============================================================
    01:27:10.0008 4048 ============================================================
    01:27:10.0008 4048 Scan started
    01:27:10.0008 4048 Mode: Manual;
    01:27:10.0008 4048 ============================================================
    01:27:11.0048 4048 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    01:27:11.0051 4048 ACPI - ok
    01:27:11.0135 4048 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    01:27:11.0139 4048 adp94xx - ok
    01:27:11.0208 4048 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    01:27:11.0212 4048 adpahci - ok
    01:27:11.0239 4048 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    01:27:11.0241 4048 adpu160m - ok
    01:27:11.0278 4048 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    01:27:11.0281 4048 adpu320 - ok
    01:27:11.0448 4048 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    01:27:11.0451 4048 AFD - ok
    01:27:11.0527 4048 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    01:27:11.0529 4048 agp440 - ok
    01:27:11.0601 4048 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    01:27:11.0604 4048 aic78xx - ok
    01:27:11.0654 4048 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    01:27:11.0655 4048 aliide - ok
    01:27:11.0677 4048 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    01:27:11.0679 4048 amdagp - ok
    01:27:11.0703 4048 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    01:27:11.0705 4048 amdide - ok
    01:27:11.0759 4048 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    01:27:11.0761 4048 AmdK7 - ok
    01:27:11.0791 4048 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    01:27:11.0794 4048 AmdK8 - ok
    01:27:11.0911 4048 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    01:27:11.0913 4048 arc - ok
    01:27:11.0994 4048 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    01:27:11.0996 4048 arcsas - ok
    01:27:12.0124 4048 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
    01:27:12.0126 4048 AsDsm - ok
    01:27:12.0244 4048 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
    01:27:12.0244 4048 ASMMAP - ok
    01:27:12.0409 4048 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    01:27:12.0410 4048 AsyncMac - ok
    01:27:12.0458 4048 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    01:27:12.0459 4048 atapi - ok
    01:27:12.0572 4048 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
    01:27:12.0579 4048 athr - ok
    01:27:12.0677 4048 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
    01:27:12.0680 4048 avgntflt - ok
    01:27:12.0777 4048 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
    01:27:12.0780 4048 avipbb - ok
    01:27:12.0816 4048 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
    01:27:12.0818 4048 avkmgr - ok
    01:27:12.0905 4048 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    01:27:12.0907 4048 Beep - ok
    01:27:12.0970 4048 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    01:27:12.0971 4048 blbdrive - ok
    01:27:13.0042 4048 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    01:27:13.0044 4048 bowser - ok
    01:27:13.0076 4048 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    01:27:13.0079 4048 BrFiltLo - ok
    01:27:13.0110 4048 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    01:27:13.0112 4048 BrFiltUp - ok
    01:27:13.0171 4048 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    01:27:13.0175 4048 Brserid - ok
    01:27:13.0223 4048 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    01:27:13.0227 4048 BrSerWdm - ok
    01:27:13.0249 4048 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    01:27:13.0252 4048 BrUsbMdm - ok
    01:27:13.0287 4048 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    01:27:13.0290 4048 BrUsbSer - ok
    01:27:13.0341 4048 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
    01:27:13.0344 4048 BthEnum - ok
    01:27:13.0404 4048 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    01:27:13.0407 4048 BTHMODEM - ok
    01:27:13.0474 4048 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    01:27:13.0477 4048 BthPan - ok
    01:27:13.0518 4048 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
    01:27:13.0522 4048 BTHPORT - ok
    01:27:13.0549 4048 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
    01:27:13.0552 4048 BTHUSB - ok
    01:27:13.0634 4048 catchme - ok
    01:27:13.0738 4048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    01:27:13.0741 4048 cdfs - ok
    01:27:13.0828 4048 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    01:27:13.0831 4048 cdrom - ok
    01:27:13.0872 4048 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    01:27:13.0874 4048 circlass - ok
    01:27:13.0931 4048 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    01:27:13.0940 4048 CLFS - ok
    01:27:14.0108 4048 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    01:27:14.0111 4048 CmBatt - ok
    01:27:14.0149 4048 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    01:27:14.0152 4048 cmdide - ok
    01:27:14.0190 4048 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    01:27:14.0193 4048 Compbatt - ok
    01:27:14.0213 4048 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    01:27:14.0216 4048 crcdisk - ok
    01:27:14.0238 4048 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    01:27:14.0241 4048 Crusoe - ok
    01:27:14.0408 4048 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    01:27:14.0411 4048 DfsC - ok
    01:27:14.0507 4048 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
    01:27:14.0509 4048 DgiVecp - ok
    01:27:14.0606 4048 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    01:27:14.0609 4048 disk - ok
    01:27:14.0762 4048 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    01:27:14.0765 4048 drmkaud - ok
    01:27:14.0824 4048 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    01:27:14.0831 4048 DXGKrnl - ok
    01:27:14.0894 4048 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    01:27:14.0897 4048 E1G60 - ok
    01:27:14.0985 4048 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    01:27:14.0988 4048 Ecache - ok
    01:27:15.0212 4048 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    01:27:15.0217 4048 elxstor - ok
    01:27:15.0245 4048 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    01:27:15.0249 4048 ErrDev - ok
    01:27:15.0371 4048 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    01:27:15.0375 4048 exfat - ok
    01:27:15.0413 4048 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    01:27:15.0417 4048 fastfat - ok
    01:27:15.0520 4048 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    01:27:15.0524 4048 fdc - ok
    01:27:15.0591 4048 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    01:27:15.0595 4048 FileInfo - ok
    01:27:15.0633 4048 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    01:27:15.0636 4048 Filetrace - ok
    01:27:15.0662 4048 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    01:27:15.0665 4048 flpydisk - ok
    01:27:15.0756 4048 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    01:27:15.0761 4048 FltMgr - ok
    01:27:15.0928 4048 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
    01:27:15.0931 4048 fssfltr - ok
    01:27:16.0053 4048 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    01:27:16.0056 4048 Fs_Rec - ok
    01:27:16.0085 4048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    01:27:16.0088 4048 gagp30kx - ok
    01:27:16.0288 4048 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
    01:27:16.0291 4048 hamachi - ok
    01:27:16.0366 4048 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    01:27:16.0370 4048 HdAudAddService - ok
    01:27:16.0426 4048 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    01:27:16.0433 4048 HDAudBus - ok
    01:27:16.0466 4048 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    01:27:16.0469 4048 HidBth - ok
    01:27:16.0498 4048 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    01:27:16.0502 4048 HidIr - ok
    01:27:16.0557 4048 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    01:27:16.0560 4048 HidUsb - ok
    01:27:16.0603 4048 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    01:27:16.0607 4048 HpCISSs - ok
    01:27:16.0674 4048 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    01:27:16.0681 4048 HTTP - ok
    01:27:16.0735 4048 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    01:27:16.0739 4048 i2omp - ok
    01:27:16.0824 4048 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    01:27:16.0827 4048 i8042prt - ok
    01:27:16.0872 4048 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    01:27:16.0877 4048 iaStorV - ok
    01:27:16.0945 4048 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    01:27:16.0950 4048 iirsp - ok
    01:27:17.0163 4048 IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
    01:27:17.0184 4048 IntcAzAudAddService - ok
    01:27:17.0270 4048 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    01:27:17.0275 4048 intelide - ok
    01:27:17.0331 4048 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    01:27:17.0334 4048 intelppm - ok
    01:27:17.0372 4048 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    01:27:17.0376 4048 IpFilterDriver - ok
    01:27:17.0396 4048 IpInIp - ok
    01:27:17.0435 4048 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    01:27:17.0439 4048 IPMIDRV - ok
    01:27:17.0472 4048 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    01:27:17.0476 4048 IPNAT - ok
    01:27:17.0499 4048 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    01:27:17.0502 4048 IRENUM - ok
    01:27:17.0522 4048 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    01:27:17.0527 4048 isapnp - ok
    01:27:17.0582 4048 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    01:27:17.0587 4048 iScsiPrt - ok
    01:27:17.0622 4048 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    01:27:17.0626 4048 iteatapi - ok
    01:27:17.0650 4048 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    01:27:17.0653 4048 iteraid - ok
    01:27:17.0698 4048 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    01:27:17.0703 4048 kbdclass - ok
    01:27:17.0725 4048 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    01:27:17.0729 4048 kbdhid - ok
    01:27:17.0793 4048 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
    01:27:17.0799 4048 kbfiltr - ok
    01:27:17.0853 4048 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    01:27:17.0861 4048 KSecDD - ok
    01:27:17.0927 4048 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    01:27:17.0932 4048 lltdio - ok
    01:27:17.0973 4048 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    01:27:17.0977 4048 LSI_FC - ok
    01:27:18.0001 4048 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    01:27:18.0005 4048 LSI_SAS - ok
    01:27:18.0033 4048 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    01:27:18.0038 4048 LSI_SCSI - ok
    01:27:18.0060 4048 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    01:27:18.0064 4048 luafv - ok
    01:27:23.0647 4048 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    01:27:23.0647 4048 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    01:27:23.0655 4048 sptd ( LockedFile.Multi.Generic ) - warning
    01:27:23.0655 4048 sptd - detected LockedFile.Multi.Generic (1)
    01:27:27.0673 4048 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
    01:27:27.0783 4048 \Device\Harddisk0\DR0 - ok
    01:27:27.0793 4048 Boot (0x1200) (58d05d33716f8103d6c9c0e84086a8b6) \Device\Harddisk0\DR0\Partition0
    01:27:27.0796 4048 \Device\Harddisk0\DR0\Partition0 - ok
    01:27:27.0838 4048 Boot (0x1200) (12aa7348563a13b65716e39d09fc4495) \Device\Harddisk0\DR0\Partition1
    01:27:27.0840 4048 \Device\Harddisk0\DR0\Partition1 - ok
    01:27:27.0841 4048 ============================================================
    01:27:27.0841 4048 Scan finished
    01:27:27.0841 4048 ============================================================
    01:27:27.0856 3032 Detected object count: 1
    01:27:27.0856 3032 Actual detected object count: 1
    01:27:45.0551 3032 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    01:27:45.0553 3032 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
     
  21. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    During the Combofix, it said something about a ZeroAccess rootkit, then the computer had to reboot. After rebooting, it never gave me a log, so basically it did exactly the same thing as before. So no combofix log. It isn't in C:\ either.

    So what should I do next?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Let's see if this will help run things better:

    The malware also changes your Windows HOSTS file. We will need to replace the default version for your operating system. (Note: if you or your company has added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file.)

    The malware, in order to protect itself, may change the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the following batch file and save it to your desktop:

    Step 1: Restoring Permissions
    • Please download Hostsperm.bat and save it to your desktop.
    • Double-click on the hostsperm.bat file that is now on your desktop. If Windows asks you if you are sure you want to run it, please allow it to run.
    • Once it starts you will see a small black window that opens, then goes away. This is normal.
    You should now be able to access your HOSTS file.

    Step 2: Show Hidden Files and Folders in Windows Vista:
    • Click on the Start button and select Computer
    • Select Folder Options> View tab
    • Check Show hidden files and folders
    • Uncheck Hide protected operating system files (Recommended) > Confirm Yes
    • Then, uncheck the box next to Hide extensions for known filetypes
    • Click Apply then click OK


    Step 3: Delete the hosts file
    • Using Windows Explorer> navigate to Computer> Local Drive> Windows> System 32> Drivers
    • Navigate to C:\Windows\System32\drivers\etc and do a right click> Delete and delete the hosts file.
    • Once it is deleted, go to next Step.

    Step 4: Replacing the Hosts file for your operating system:
    • Download the following HOSTS file that corresponds to Vista HERE
    • Save it in the C:\Windows\System32\Drivers\etc folder.


    Note: If the contents of the HOSTS file open in your browser when you click on a link, then right-click on the link and select Save Target As if in Internet Explorer, or Save Link As if in Firefox, to download the file.

    Now reboot your computer.
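
An added example, not part of the original post: one way to confirm after Step 4 that the restored HOSTS file contains only the default localhost mappings. The sample file content and the `.example` hostnames are constructed for illustration.

```python
import ipaddress

# Names a stock Windows HOSTS file maps; any other mapping was added later.
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every non-default mapping.

    verdict is "blocked" when a name is pointed at loopback or 0.0.0.0,
    "redirected" when it is pointed at any other address, and "malformed"
    when the line cannot be parsed as a HOSTS entry.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # strip comments and padding
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "malformed"))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() in DEFAULT_NAMES and ip.is_loopback:
                continue  # the expected default entry
            verdict = "blocked" if sink else "redirected"
            findings.append((line_no, ip_text, name, verdict))
    return findings


# Constructed sample: a default file with three tampered lines appended.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed entry
203.0.113.7     www.bank.example login.bank.example
not-an-ip       foo.example
"""

if __name__ == "__main__":
    # To audit the real file, read C:\Windows\System32\drivers\etc\hosts
    # and pass its contents to audit_hosts() instead of SAMPLE_HOSTS.
    for line_no, ip, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(none)'} -> {ip} [{verdict}]")
```

An empty result means the file holds nothing beyond the default entries; any custom entries you re-added on purpose will show up and can be ignored.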
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Do a right click on this file> Properties> Uncheck the Read Only attribute:

    R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe

    Now try to run the scan and recover the log
    ======================================
    This is the file that runs the Security Center - it's missing. We'll see if there is a copy on the system to replace it:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      winrnr.*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  24. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 107

    I'm not at the system look part yet, but I ran combofix again, it still said that it detected a ZeroAccess rootkit, and because it detected a rootkit, the scan may take a while longer, then it told me to reboot, and when I did, and windows started up again, I didn't get the combo fix log, and it isn't in C:/ either. So basically the same thing happened... again.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Follow the Host file directions, then run System Look.
     