Inactive Iexplore.exe running in processes while internet explorer not running

Status
Not open for further replies.
Z

zekezagura

Posts: 13   +0
iexplore.exe has been running in processes taking up a lot of CPU while internet explorer is not and internet explorer sometimes opens up by itself at a random web site.

Malware
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8243

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/25/2011 9:51:42 PM
mbam-log-2011-11-25 (21-51-42).txt

Scan type: Quick scan
Objects scanned: 184210
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Zeke\downloads\WSOP-USA.exe (PUP.Casino) -> Quarantined and deleted successfully.
 
dds

So yah didnt add gmer cause it is HUGE! here is dds file

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Zeke at 23:08:54 on 2011-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1803 [GMT -5:00]
.
AV: Trend Micro AntiVirus *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro AntiVirus *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\conime.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
TCP: Interfaces\{8AFFF85F-01E5-44A8-BB60-FEB924CAE264} : DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSA: Notification Packages = scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
mRun-x64: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110830
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-3-31 14904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-11-23 6746280]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-31 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-24 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-2-20 900360]
S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-26 02:43:40 -------- d-----w- C:\Users\Zeke\AppData\Roaming\Malwarebytes
2011-11-26 02:43:21 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-26 02:43:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:29:20 -------- d-----w- C:\ProgramData\AVAST Software
2011-11-26 02:29:20 -------- d-----w- C:\Program Files\AVAST Software
2011-11-24 20:36:59 466432 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2011-11-24 20:35:53 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-24 20:35:53 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-24 19:14:21 -------- d-----w- C:\ProgramData\VS
2011-11-24 03:16:13 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-11-24 03:16:13 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2011-11-24 03:16:13 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2011-11-24 03:16:12 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2011-11-24 03:16:12 -------- d-----w- C:\Program Files\Prevx
2011-11-24 03:15:44 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-23 00:14:33 -------- d-----w- C:\Program Files\CCleaner
2011-11-23 00:08:45 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-23 00:08:45 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2011-11-23 00:08:45 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-11-22 22:49:53 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2011-11-22 15:39:08 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-11-22 15:39:08 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-11-22 15:39:08 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-11-22 15:39:08 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-11-22 15:39:08 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-11-22 15:39:06 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-22 15:39:06 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-11-22 15:39:06 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-11-22 15:39:06 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-11-22 15:39:06 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-11-22 15:39:06 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-11-22 15:39:06 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-11-15 23:05:37 -------- d-----w- C:\Program Files\iPod
2011-11-15 23:05:33 -------- d-----w- C:\Program Files\iTunes
2011-11-14 21:33:23 -------- d-----w- C:\Windows\Hewlett-Packard
2011-11-13 17:06:34 633816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-11-13 17:06:34 555992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-11-13 17:06:34 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-11-13 17:06:34 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-11-11 20:38:57 995383 ----a-w- C:\Windows\SysWow64\temp.001
2011-11-11 20:38:57 295000 ----a-w- C:\Windows\SysWow64\temp.000
2011-11-11 20:38:55 -------- d-----w- C:\Program Files (x86)\ClubWPT
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-10 22:49:59 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-10 00:16:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-10 00:16:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-10 00:16:17 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 00:16:16 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 00:16:16 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 00:16:16 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-09 02:36:40 -------- d-----w- C:\AmericasCardroom.net
2011-11-08 01:00:37 -------- d-----w- C:\Users\Zeke\AppData\Roaming\Microsoft Corporation
2011-11-04 18:28:19 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-11-04 18:28:19 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-11-24 20:37:08 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-11-24 20:37:08 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-24 20:37:04 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-11-24 20:37:03 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-24 20:37:03 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2011-11-24 20:37:03 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2011-11-24 20:37:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2011-11-13 00:05:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys
2011-09-22 02:33:36 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-14 01:09:07 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2008-07-02 02:28:38 61440 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
.
============= FINISH: 23:18:11.17 ===============
 
attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2009 12:21:40 AM
System Uptime: 11/25/2011 10:39:47 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G50VT
Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz | Socket 478 | 2133/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 102.333 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
????????????
7-Zip 9.22beta
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AmericasCardroom.net
Apple Application Support
Apple Software Update
ASUS CopyProtect
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
BitZipper 2010
BufferChm
Cisco Connect
ClubWPT
Cockatrice
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Crystal Reports for Visual Studio
CyberLink LabelPrint
CyberLink Power2Go
D1600
DAEMON Tools Pro
DeviceDiscovery
Direct Console 2.0
DivX Setup
DJ_SF_06_D1600_SW_Min
EasyBits GO
Express Gate
Galapago
Geek Squad 24 Hour Computer Support
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hitman: Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
ITECIR
Java Auto Updater
Java(TM) 6 Update 27
League of Legends
LightScribe System Software 1.14.17.1
LoJack Factory Installer
Magic Online
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Works
Minitab 15 English
Mozilla Firefox 9.0 (x86 en-US)
myPhotoMovie (remove only)
NB Probe
nFringe 1.1 (1.1.34.193)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Update
Pando Media Booster
Peggle Deluxe
Picasa 2
Poker Night at the Inventory
PokerStars
PokerStars.net
Post Apocalyptic Mayhem
PSPad editor
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RegZooka
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Star Wars: The Old Republic
StarCraft II
StartNow Toolbar
Status
Steam
STOPzilla
System Requirements Lab
System Requirements Lab CYRI
Toolbox
TrayApp
UnCodeX
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP1
WebReg
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
WinFlash
WinFtp Client 1.5
WinZip 15.5
Wireless Console 2
.
==== Event Viewer Messages From Past Week ========
.
11/25/2011 10:42:53 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/25/2011 10:42:53 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/25/2011 10:40:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
11/25/2011 10:40:21 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8AFFF85F-01E5-44A8-BB60-FEB924CAE264} because another computer on the network has the same name. The server could not start.
11/25/2011 10:40:21 PM, Error: netbt [4321] - The name "ZEKE-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
11/25/2011 10:40:21 PM, Error: netbt [4321] - The name "ZEKE-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
11/25/2011 10:39:12 PM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/24/2011 4:33:49 PM, Error: EventLog [6008] - The previous system shutdown at 4:32:26 PM on 11/24/2011 was unexpected.
11/23/2011 6:46:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/23/2011 6:46:14 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2011 4:43:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/23/2011 4:04:54 PM, Error: netbt [4321] - The name "ZEKE-PC :20" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
11/23/2011 4:04:54 PM, Error: netbt [4321] - The name "ZEKE-PC :0" could not be registered on the interface with IP address 192.168.1.113. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
11/23/2011 4:04:44 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.21 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/22/2011 10:44:32 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
11/19/2011 4:20:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Vista64.
11/19/2011 3:36:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/19/2011 3:35:14 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 3:33:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.21 for the Network Card with network address 00215D937FCA has been denied by the DHCP server 172.18.40.253 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

You're running three AV programs, Trend Micro, AVG and Prevx.
TWO of them have to go.
If one of them is AVG make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

Upload GMER log here: http://www.filedropper.com/
Post download link (copy URL: link):
p4465520.gif
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
log

ComboFix 11-11-26.04 - Zeke 11/26/2011 20:55:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2420 [GMT -5:00]
Running from: c:\users\Zeke\Desktop\ComboFix.exe
AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\users\Zeke\AppData\Roaming\Install.dat
c:\users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\searchplugins\bing-zugo.xml
c:\windows\SysWow64\drivers\dfg.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 02:43 . 2011-11-27 02:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF46A644-4DC3-456E-94A4-B57549AA37A2}\offreg.dll
2011-11-27 02:39 . 2011-11-27 02:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-27 02:39 . 2011-11-27 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 17:20 . 2011-11-26 17:20 -------- d-----w- c:\users\Zeke\AppData\Local\SWTOR
2011-11-26 16:56 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF46A644-4DC3-456E-94A4-B57549AA37A2}\mpengine.dll
2011-11-26 15:41 . 2011-11-26 15:41 -------- d-----w- C:\a108254b35ec78337912
2011-11-26 06:19 . 2011-11-26 06:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\users\Zeke\AppData\Roaming\Malwarebytes
2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 02:43 . 2011-11-26 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:29 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-26 02:29 . 2011-11-26 02:40 -------- d-----w- c:\programdata\AVAST Software
2011-11-26 02:29 . 2011-11-26 02:29 -------- d-----w- c:\program files\AVAST Software
2011-11-24 20:36 . 2011-11-24 20:36 466432 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2011-11-24 20:35 . 2011-11-24 20:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-24 20:35 . 2011-11-24 20:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-24 19:14 . 2011-11-24 19:14 -------- d-----w- c:\programdata\VS
2011-11-24 03:16 . 2011-11-24 03:16 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-11-24 03:16 . 2011-11-24 03:16 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2011-11-24 03:16 . 2011-11-24 03:16 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-11-24 03:16 . 2011-11-24 03:16 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-11-24 03:16 . 2011-11-24 03:16 -------- d-----w- c:\program files\Prevx
2011-11-24 03:15 . 2011-11-27 02:17 -------- d-----w- c:\programdata\PrevxCSI
2011-11-23 00:14 . 2011-11-23 00:14 -------- d-----w- c:\program files\CCleaner
2011-11-23 00:08 . 2011-11-26 02:49 -------- d-----w- c:\programdata\STOPzilla!
2011-11-23 00:08 . 2011-11-23 00:08 -------- d-----w- c:\program files (x86)\STOPzilla!
2011-11-23 00:08 . 2011-11-23 00:08 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-11-22 22:49 . 2011-11-22 22:49 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-11-22 22:49 . 2011-11-22 22:49 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-11-22 15:39 . 2011-11-22 15:39 547880 ----a-r- c:\windows\SysWow64\SZComp5.dll
2011-11-22 15:39 . 2011-11-22 15:39 482344 ----a-r- c:\windows\SysWow64\SZBase5.dll
2011-11-22 15:39 . 2011-11-22 15:39 30248 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2011-11-22 15:39 . 2011-11-22 15:39 24616 ----a-r- c:\windows\SysWow64\SZIO5.dll
2011-11-22 15:39 . 2011-11-22 15:39 134184 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2011-11-22 15:39 . 2011-11-22 15:39 740392 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2011-11-22 15:39 . 2011-11-22 15:39 68648 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2011-11-22 15:39 . 2011-11-22 15:39 457768 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2011-11-22 15:39 . 2011-11-22 15:39 392232 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2011-11-22 15:39 . 2011-11-22 15:39 232488 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2011-11-22 15:39 . 2011-11-22 15:39 105512 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2011-11-22 15:39 . 2011-11-22 15:39 101416 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2011-11-22 02:55 . 2011-11-22 02:55 -------- d-----w- c:\users\Zeke\AppData\Roaming\HPAppData
2011-11-15 23:05 . 2011-11-15 23:05 -------- d-----w- c:\program files\iPod
2011-11-15 23:05 . 2011-11-15 23:06 -------- d-----w- c:\program files\iTunes
2011-11-14 21:33 . 2011-11-14 21:33 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-13 17:06 . 2011-11-26 03:00 633816 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-11-13 17:06 . 2011-11-26 03:00 555992 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-11-13 17:06 . 2011-11-26 03:00 486360 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-11-13 17:06 . 2011-11-26 03:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-11-13 00:05 . 2011-11-13 00:05 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 20:38 . 2002-03-25 15:31 295000 ----a-w- c:\windows\SysWow64\temp.000
2011-11-11 20:38 . 2002-03-25 15:30 995383 ----a-w- c:\windows\SysWow64\temp.001
2011-11-11 20:38 . 2011-11-11 20:39 -------- d-----w- c:\program files (x86)\ClubWPT
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-10 22:49 . 2011-11-10 22:49 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-10 22:49 . 2011-11-10 22:49 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-10 00:16 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 00:16 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-10 00:16 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 00:16 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 00:16 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 00:16 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 02:36 . 2011-11-25 07:02 -------- d-----w- C:\AmericasCardroom.net
2011-11-08 01:00 . 2011-11-08 01:00 -------- d-----w- c:\users\Zeke\AppData\Roaming\Microsoft Corporation
2011-11-04 18:28 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-04 18:28 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 15:44 . 2011-07-11 22:32 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-24 19:55 . 2011-07-11 22:32 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-11-13 00:05 . 2011-05-13 12:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\SZKG64.sys
2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\is3srv64.sys
2011-09-22 02:33 . 2011-09-22 02:33 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-14 01:09 . 2011-02-20 22:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-09-06 13:56 . 2011-10-12 23:08 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-02 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2008-08-20 2705976]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-11-24 6746280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:07]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:07]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000Core.job
- c:\users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:26]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000UA.job
- c:\users\Zeke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]
"combofix"="c:\combofix\CF32335.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110830
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-RegZooka - c:\program files (x86)\RegZooka\uninstall.exe
AddRemove-????????????_is1 - c:\program files (x86)\?????????\????????????\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-26 22:07:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 03:07
.
Pre-Run: 108,707,586,048 bytes free
Post-Run: 110,229,159,936 bytes free
.
- - End Of File - - D50064DF5C507ADCEDD8808C67088057
 
Looks good.

How is computer doing?

Uninstall STOPzilla as well. It's a company with rather shady reutation.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL

So my computer is running much better however iexplore.exe still seems to appear in processes every so often though not taking near the amount of cpu as it was, from 70-95% down to around 0-5%, it is still there though :(

OTL logfile created on: 11/26/2011 11:45:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.91% Memory free
8.17 Gb Paging File | 6.27 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 102.62 Gb Free Space | 35.84% Space Free | Partition Type: NTFS

Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
PRC - [2011/05/21 01:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/17 03:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/03/17 03:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2008/09/02 19:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/06/18 00:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/04/01 01:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/03/29 14:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006/11/02 10:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/18 21:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 11:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2007/06/15 12:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007/06/01 19:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/23 22:16:12 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 14:24:54 | 000,125,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2011/11/20 23:50:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/05/21 01:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 12:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/23 22:16:13 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/11/23 22:16:13 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/11/23 22:16:12 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/30 22:25:06 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/09/12 00:48:25 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 10:57:23 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/06/24 15:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 01:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 12:21:00 | 000,016,440 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/02 00:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/01 04:59:19 | 001,878,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/12/18 19:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 05:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/08/10 22:19:44 | 000,034,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2007/08/02 23:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 64 6A C4 EC AA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z192&install_date=20110830"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110830&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Zeke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zeke\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/06 23:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/06 23:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/21 22:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 22:00:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:49:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/21 22:33:25 | 000,000,000 | ---D | M]

[2011/02/22 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Extensions
[2011/11/05 13:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions
[2011/02/24 08:09:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/29 20:37:57 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Zeke\AppData\Roaming\Mozilla\Firefox\Profiles\oeqlkdpx.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/05 12:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/08 14:52:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/09/14 18:24:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/25 22:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OEQLKDPX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZEKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OEQLKDPX.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/11/25 22:00:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/03 06:13:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/09 03:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/03 06:13:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/26 21:44:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AFFF85F-01E5-44A8-BB60-FEB924CAE264}: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zeke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zeke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 23:44:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
[2011/11/26 23:09:22 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Desktop\New Folder
[2011/11/26 22:08:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/26 21:44:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/26 20:47:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/26 20:47:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/26 20:47:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/26 20:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/26 20:46:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/26 20:39:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/26 20:35:17 | 004,309,325 | R--- | C] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
[2011/11/26 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Local\SWTOR
[2011/11/26 12:20:14 | 000,000,000 | ---D | C] -- C:\Users\Zeke\Documents\HeroBlade Logs
[2011/11/26 11:56:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
[2011/11/26 10:41:06 | 000,000,000 | ---D | C] -- C:\a108254b35ec78337912
[2011/11/26 01:19:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/11/25 22:43:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Zeke\Desktop\dds.scr
[2011/11/25 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\Malwarebytes
[2011/11/25 21:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:29:52 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/25 21:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/25 21:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/24 14:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2011/11/24 14:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2011/11/24 14:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2011/11/23 22:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2011/11/23 22:16:13 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/11/23 22:16:13 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/11/23 22:16:13 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/11/23 22:16:12 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/11/23 22:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/11/23 22:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/11/22 19:23:55 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe
[2011/11/22 19:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/22 19:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/22 17:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/11/22 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/22 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/11/21 21:55:17 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\HPAppData
[2011/11/20 19:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/15 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/15 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 18:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/14 16:33:23 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/11/12 19:05:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/11 15:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClubWPT
[2011/11/10 17:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/10 17:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/08 21:36:40 | 000,000,000 | ---D | C] -- C:\AmericasCardroom.net
[2011/11/07 20:00:37 | 000,000,000 | ---D | C] -- C:\Users\Zeke\AppData\Roaming\Microsoft Corporation
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
[2011/11/26 23:43:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 23:43:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 23:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 23:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000UA.job
[2011/11/26 21:44:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/26 21:43:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 21:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 21:43:30 | 4294,168,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 20:35:22 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
[2011/11/26 12:20:19 | 000,007,916 | ---- | M] () -- C:\Users\Zeke\AppData\Local\d3d9caps.dat
[2011/11/26 12:20:00 | 000,000,512 | ---- | M] () -- C:\Users\Zeke\Desktop\MBR.dat
[2011/11/26 11:56:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
[2011/11/26 01:19:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/11/26 00:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066804163-2422679958-3097153674-1000Core.job
[2011/11/25 22:43:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\dds.scr
[2011/11/25 21:43:22 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/24 15:37:40 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/11/24 15:37:40 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/11/24 15:37:40 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/11/24 15:37:40 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/11/24 15:36:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/24 15:36:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/23 22:16:13 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/11/23 22:16:13 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/11/23 22:16:13 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/11/23 22:16:12 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/11/22 20:30:20 | 000,000,901 | ---- | M] () -- C:\Users\Zeke\Desktop\StarCraft II - Shortcut.lnk
[2011/11/22 19:14:34 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/22 17:50:06 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/11/22 12:06:52 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe
[2011/11/21 10:03:18 | 000,002,044 | ---- | M] () -- C:\Users\Zeke\Desktop\Google Chrome.lnk
[2011/11/15 18:06:04 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/15 17:58:46 | 000,848,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/15 17:58:46 | 000,706,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/15 17:58:46 | 000,143,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/11 15:38:56 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\ClubWPT.lnk
[2011/11/10 17:49:48 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/08 21:36:47 | 000,001,551 | ---- | M] () -- C:\Users\Zeke\Desktop\AmericasCardroom.net.lnk
[2011/11/05 12:53:42 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 20:47:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/26 20:47:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/26 20:47:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/26 20:47:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/26 20:47:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 12:20:00 | 000,000,512 | ---- | C] () -- C:\Users\Zeke\Desktop\MBR.dat
[2011/11/26 01:19:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/11/25 21:43:22 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 21:29:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/24 15:36:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/24 15:36:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/22 20:30:20 | 000,000,901 | ---- | C] () -- C:\Users\Zeke\Desktop\StarCraft II - Shortcut.lnk
[2011/11/22 19:14:34 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/22 17:50:06 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/11/15 18:06:04 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/11 15:38:56 | 000,001,661 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClubWPT.lnk
[2011/11/11 15:38:56 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\ClubWPT.lnk
[2011/11/10 17:49:48 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/08 21:36:47 | 000,001,551 | ---- | C] () -- C:\Users\Zeke\Desktop\AmericasCardroom.net.lnk
[2011/11/05 12:53:42 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/11 22:47:21 | 000,000,732 | ---- | C] () -- C:\Users\Zeke\AppData\Local\d3d9caps64.dat
[2011/08/29 20:38:48 | 000,000,050 | ---- | C] () -- C:\Windows\WinFTP.INI
[2011/08/29 13:55:56 | 000,000,600 | ---- | C] () -- C:\Users\Zeke\AppData\Local\PUTTY.RND
[2011/08/21 22:41:58 | 000,168,351 | ---- | C] () -- C:\Windows\hphins33.dat.temp
[2011/08/21 22:41:58 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
[2011/08/21 22:25:14 | 000,169,553 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/07/12 18:24:11 | 000,022,016 | ---- | C] () -- C:\Users\Zeke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 16:57:39 | 000,843,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/08 21:12:35 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/17 00:29:03 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2011/03/08 14:53:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/25 15:22:23 | 000,007,916 | ---- | C] () -- C:\Users\Zeke\AppData\Local\d3d9caps.dat
[2011/02/24 15:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/02/24 14:59:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/02/24 14:59:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/02/20 17:18:12 | 000,110,376 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/29 16:30:08 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009/03/31 00:12:50 | 000,110,376 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/30 23:40:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/30 23:17:55 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/03/30 23:15:28 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2008/09/19 06:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/07/01 21:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========
 
OTL cont.

[2011/06/18 19:53:30 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\BitZipper
[2011/11/22 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\DAEMON Tools Pro
[2011/06/30 16:00:29 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\go
[2011/09/02 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\LolClient
[2011/09/06 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\RIFT
[2011/07/10 15:58:38 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\SystemRequirementsLab
[2011/09/13 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\TuneUp Software
[2011/02/20 19:52:37 | 000,000,000 | ---D | M] -- C:\Users\Zeke\AppData\Roaming\Wizards of the Coast
[2011/11/26 21:42:26 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/27 21:10:54 | 000,000,016 | ---- | M] () -- C:\app14.log
[2008/11/25 05:07:32 | 000,000,081 | ---- | M] () -- C:\app4.log
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/18 09:01:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/26 22:07:48 | 000,024,626 | ---- | M] () -- C:\ComboFix.txt
[2009/03/31 00:29:01 | 000,018,708 | ---- | M] () -- C:\devlist.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009/03/31 00:29:01 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2008/10/16 21:45:45 | 001,048,576 | RH-- | M] () -- C:\G50V.BIN
[2008/10/20 03:26:02 | 000,000,014 | ---- | M] () -- C:\G50VT_VISTA.30
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/11/26 21:43:30 | 4294,168,576 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/31 00:14:09 | 021,168,128 | ---- | M] () -- C:\inject.log
[2009/03/31 00:14:10 | 020,246,834 | ---- | M] () -- C:\inject.log.txt
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/09/19 06:33:21 | 000,000,003 | ---- | M] () -- C:\K522.txt
[2008/08/08 02:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
[2011/11/26 21:43:19 | 312,782,847 | -HS- | M] () -- C:\pagefile.sys
[2009/03/30 11:00:38 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2009/02/22 21:38:44 | 000,003,188 | ---- | M] () -- C:\Patch.LOG
[2008/10/08 23:52:50 | 000,000,019 | ---- | M] () -- C:\PCcillin.TXT
[2008/10/20 03:26:02 | 000,000,007 | ---- | M] () -- C:\RECOVERY.DAT
[2009/03/31 00:10:09 | 000,000,607 | ---- | M] () -- C:\RHDSetup.log
[2011/11/21 22:06:32 | 000,000,460 | ---- | M] () -- C:\rkill.log
[2009/03/31 00:26:23 | 000,000,163 | ---- | M] () -- C:\setup.log
[2011/11/11 15:39:00 | 000,000,089 | ---- | M] () -- C:\SoftUpdate.log
[2008/09/19 06:43:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/30 09:30:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/09/19 06:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/30 09:30:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/30 23:14:19 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2009/03/30 23:13:55 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2011/11/22 19:06:27 | 000,074,246 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_22.11.2011_19.04.51_log.txt
[2011/11/22 19:24:36 | 000,074,308 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_22.11.2011_19.24.09_log.txt
[2011/11/25 19:46:27 | 000,075,216 | ---- | M] () -- C:\TDSSKiller.2.6.20.0_25.11.2011_19.46.03_log.txt
[2009/02/11 22:50:06 | 000,000,025 | ---- | M] () -- C:\V622.TXT
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/06/05 13:24:55 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2009/03/30 23:54:50 | 000,088,694 | ---- | M] () -- C:\Windows\AsCD_Stage114.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/26 11:56:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Zeke\Desktop\aswMBR.exe
[2011/11/26 20:35:22 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Zeke\Desktop\ComboFix.exe
[2011/11/26 23:44:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zeke\Desktop\OTL.exe
[2011/08/28 16:15:26 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Zeke\Desktop\putty.exe
[2011/11/22 12:06:52 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Zeke\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >
[2007/06/12 12:34:50 | 000,035,822 | ---- | M] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico
[2008/05/22 11:35:54 | 000,051,962 | ---- | M] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/07/01 21:28:38 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/03/17 00:29:09 | 000,000,402 | -HS- | M] () -- C:\Users\Zeke\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/08/21 22:55:54 | 000,001,126 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/05/31 17:25:06 | 000,110,376 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/05/01 01:49:57 | 000,000,929 | ---- | M] ()(C:\Users\Zeke\Desktop\????????????.lnk) -- C:\Users\Zeke\Desktop\車輪の国、悠久の少年少女.lnk
[2011/05/01 01:49:57 | 000,000,929 | ---- | C] ()(C:\Users\Zeke\Desktop\????????????.lnk) -- C:\Users\Zeke\Desktop\車輪の国、悠久の少年少女.lnk
[2011/05/01 01:47:16 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ
[2011/05/01 01:47:16 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\あかべぇそふとつぅ
(C:\Program Files (x86)\?????????) -- C:\Program Files (x86)\あかべぇそふとつぅ

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1

< End of report >
 
Extras

OTL Extras logfile created on: 11/26/2011 11:45:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.91% Memory free
8.17 Gb Paging File | 6.27 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 102.62 Gb Free Space | 35.84% Space Free | Partition Type: NTFS

Computer Name: ZEKE-PC | User Name: Zeke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D7 3C 23 52 CB 23 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6C540116-85A3-44C2-886B-A133A9F723F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E745CB8-D94D-448B-9A6A-B1F212A072FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A3527C6B-0553-46B5-931D-239A8D80CC68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00851D1F-7A42-4D9A-96E8-A7006F22276F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{07E90BA1-489D-4253-8A33-4F6EC1FDACDE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0986C642-7E01-44FA-8D49-4AC9DCB5830C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{162360C2-7881-45E7-998D-C4FBFB92D3DA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{16C1B8CB-BCDB-4798-8211-8753FFB17AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A0B6E2F-92EA-45D2-8479-0DE27D424407}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{27E3502F-1BB5-4F7F-9A5A-C8CC264E815D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C6C6B8F-4A30-4FE2-8D6E-7D465E3D384F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{318E36EC-B709-41B9-918D-DEA99A5F6070}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{414D621B-9601-47A1-BC08-207F2A5FD0E5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4FF98DFB-CB58-4461-B5F3-F54FE572A191}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5369A470-7C79-4158-814F-9ACD1EDE0067}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{54F624C7-0209-4BDA-A1EE-A18D06C834B6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{5553EAA7-3535-4024-9F22-0CBB0DB1ECAF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{58537C8B-619E-4532-875E-6ABF40AF2DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{6185EA95-4186-4F3F-BE15-53CE348066D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{68491107-308C-4F66-9F02-076A305ABFCA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{70EB202F-9B08-440F-A335-4F7A7AE170B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76F86F72-EB6B-49CA-BBF3-5C5A95CA68DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{78C9FC06-995A-45EC-A967-98956CEF0FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7DBD1F39-5874-490B-99D2-F3F3B09549C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{88DCB273-F9CD-419B-94F2-E685019A2FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{90FDD92C-8496-47A5-9E46-BC06E0D110CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A1A7EF43-502A-4720-9448-EDD496860BBE}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{A89D246B-8A4F-4E66-AE4B-D45EDB693323}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{ADF4E6D6-C0B1-4EC4-8CCA-9798ED0BF032}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{B0F26889-B784-4A5D-8D74-D5848AD319B6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B153DC57-349A-4D13-B11A-42ABE78EBD8F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BA582FA6-96BF-42FB-9582-DCC22F99ACC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{BE42EF48-EF65-4D72-B08F-92256035B83B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3FF6D31-2BF0-42A3-A0E9-223B58AF2D40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C75CA9C2-7B6C-4422-9E68-596B98F6B820}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{C8CBFE82-EAAB-4E37-A63F-1BADC5C892E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C9EB88CC-4484-430E-BEF2-D2994F79EDDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{D1D43FDC-7306-4A60-B04D-8C2C1097F6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{D32636C5-074C-43B1-AEC8-07C49CFCC4A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{D346D51A-A361-4616-804E-0FD603B621C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |
"{D65CDFEF-DB6B-4183-BD35-BCCC34DA56CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E24EF638-DBAD-4681-9254-EBFA5410244B}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{E501132F-2588-4D34-ABAD-DABCF5719E77}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E6C6B49F-FBD8-44FE-BD30-DEC34CA8BEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{F60D5492-EEFB-4420-A367-A4EC2E584DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |
"{FB9805AA-002C-4358-BFB1-E04C4968449E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{FF808269-4E31-4586-BFAD-C6114ABE3756}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{1EF8447C-53D9-4231-9F4E-E2105F3AB07A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{1F814492-5B35-4F4E-B18D-F37B4222AD18}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4DF69C4D-2368-46FB-BCA5-9400968A121E}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{5CC60946-9FF0-46BF-ADE6-5D3564E67986}C:\udk\udk-2011-09\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-09\binaries\win64\udk.exe |
"TCP Query User{76BEBD8D-1217-44DD-A837-E45398D6769E}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{93A46A8F-D857-428D-9BE2-37F958AA45C1}C:\users\zeke\downloads\mtgoiii_helper (1).exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper (1).exe |
"TCP Query User{A6907680-40D4-4993-A8D5-A306E104A7D0}C:\udk\udk-2011-09\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-09\binaries\win32\udk.exe |
"TCP Query User{B80212CF-9BBD-458A-9EBB-DCE79D064FE5}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{B8938770-E0F9-479E-9CB6-FE087FE12AFD}C:\users\zeke\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{DDAB4DE7-D6B2-4FD6-9C2B-FE1C15FCA2B5}C:\users\zeke\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper.exe |
"UDP Query User{3E241BBB-7925-4ED1-A0B6-C7F10B9428DB}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{77C2000E-9B34-49CB-B8C5-4B0AA0F326A4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{7A6E2E16-8E41-4457-812B-C2D025E1ADA1}C:\users\zeke\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper.exe |
"UDP Query User{80F4AFC6-D280-4A90-BC00-E5754734F310}C:\udk\udk-2011-09\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-09\binaries\win32\udk.exe |
"UDP Query User{9123F22A-C634-4421-B7B6-10E5B60A1CF9}C:\users\zeke\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{93E24765-9A85-4B64-920D-F8AAE8C0E0EB}C:\udk\udk-2011-09\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-09\binaries\win64\udk.exe |
"UDP Query User{9A649CB1-A982-4398-932B-CC04FC1093AD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{E7390416-1BEE-4C59-9A07-BB74898B4D64}C:\users\zeke\downloads\mtgoiii_helper (1).exe" = protocol=17 | dir=in | app=c:\users\zeke\downloads\mtgoiii_helper (1).exe |
"UDP Query User{F7428FBB-FAAA-41DD-936D-A68FB70D4C1C}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{F7478FC7-4B9E-4120-9282-034B85FC0420}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UDK-07d0d7d7-ccc2-42ac-b653-5fd22df729ad" = Sanctum Demo
"UDK-1fcfd887-3dea-4549-88fc-637ce191f6ec" = Unreal Development Kit: 2011-09
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 27
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C018B886-B05B-4B13-B750-AC5956465548}" = nFringe 1.1 (1.1.34.193)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E616A5EE-B7F4-4807-800B-79EB4EB2182B}" = Direct Console 2.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1" = UnCodeX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"AVCPhotoStudio_Wrapper" = myPhotoMovie (remove only)
"BitZipper_is1" = BitZipper 2010
"Cisco Connect" = Cisco Connect
"ClubWPT" = ClubWPT
"Cockatrice" = Cockatrice
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup.divx.com" = DivX Setup
"E6AC23B5-9FFE-4CB9-8F68-46CB19197C29" = AmericasCardroom.net
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Peggle Deluxe" = Peggle Deluxe
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PSPad editor_is1" = PSPad editor
"RegZooka" = RegZooka
"StarCraft II" = StarCraft II
"StartNow Toolbar" = StartNow Toolbar
"Steam App 31280" = Poker Night at the Inventory
"Steam App 6860" = Hitman: Blood Money
"Steam App 91900" = Post Apocalyptic Mayhem
"SystemRequirementsLab" = System Requirements Lab
"WinFtp Client_is1" = WinFtp Client 1.5
"車輪の国、悠久の少年少女_is1" = 車輪の国、悠久の少年少女

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
MBR.dat is a copy of your MBR. It's not the log I need.
Re-read my instruction and redo steps to create correct log
 
Sorry about that

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 11:57:56
-----------------------------
11:57:56.103 OS Version: Windows x64 6.0.6002 Service Pack 2
11:57:56.103 Number of processors: 2 586 0x1706
11:57:56.104 ComputerName: ZEKE-PC UserName: Zeke
11:57:59.373 Initialize success
11:58:54.321 AVAST engine defs: 11112600
11:59:03.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:59:03.743 Disk 0 Vendor: ST932042 SD14 Size: 305245MB BusType: 3
11:59:03.759 Disk 0 MBR read successfully
11:59:03.761 Disk 0 MBR scan
11:59:03.764 Disk 0 MBR:Alureon-I [Rtk]
11:59:03.767 Disk 0 TDL4@MBR code has been found
11:59:03.769 Disk 0 MBR hidden
11:59:03.773 Disk 0 MBR [TDL4] **ROOTKIT**
11:59:03.775 Disk 0 trace - called modules:
11:59:03.782 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006dc2254]<<
11:59:03.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f6f790]
11:59:03.787 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa80040d4040]
11:59:03.790 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aae050]
11:59:03.795 \Driver\iaStor[0xfffffa80040ce9b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006dc2254
11:59:05.859 AVAST engine scan C:\Windows
11:59:13.765 AVAST engine scan C:\Windows\system32
12:02:01.474 AVAST engine scan C:\Windows\system32\drivers
12:02:32.040 AVAST engine scan C:\Users\Zeke
12:14:19.032 AVAST engine scan C:\ProgramData
12:18:34.900 Scan finished successfully
12:20:00.815 Disk 0 MBR has been saved successfully to "C:\Users\Zeke\Desktop\MBR.dat"
12:20:00.820 The log file has been saved successfully to "C:\Users\Zeke\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-27 01:48:13
-----------------------------
01:48:13.157 OS Version: Windows x64 6.0.6002 Service Pack 2
01:48:13.157 Number of processors: 2 586 0x1706
01:48:13.158 ComputerName: ZEKE-PC UserName: Zeke
01:48:22.531 Initialize success
01:49:27.170 AVAST engine defs: 11112601
01:52:35.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:52:35.192 Disk 0 Vendor: ST932042 SD14 Size: 305245MB BusType: 3
01:52:35.231 Disk 0 MBR read successfully
01:52:35.234 Disk 0 MBR scan
01:52:35.237 Disk 0 MBR:Alureon-I [Rtk]
01:52:35.240 Disk 0 TDL4@MBR code has been found
01:52:35.242 Disk 0 MBR hidden
01:52:35.245 Disk 0 MBR [TDL4] **ROOTKIT**
01:52:35.248 Disk 0 trace - called modules:
01:52:35.257 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8006d87254]<<
01:52:35.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f79790]
01:52:35.264 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa80040d5bf0]
01:52:35.267 5 acpi.sys[fffffa60008fdfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a75050]
01:52:35.302 \Driver\iaStor[0xfffffa80040c99b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d87254
01:52:43.762 AVAST engine scan C:\Windows
01:53:12.787 AVAST engine scan C:\Windows\system32
01:56:21.704 AVAST engine scan C:\Windows\system32\drivers
01:57:11.853 AVAST engine scan C:\Users\Zeke
02:09:31.336 AVAST engine scan C:\ProgramData
02:14:19.864 Scan finished successfully
02:20:20.133 Disk 0 MBR has been saved successfully to "C:\Users\Zeke\Desktop\MBR.dat"
02:20:20.167 The log file has been saved successfully to "C:\Users\Zeke\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
tds

No infections were found here is the log

12:05:50.0085 2316 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
12:05:51.0603 2316 ============================================================
12:05:51.0603 2316 Current date / time: 2011/11/27 12:05:51.0603
12:05:51.0603 2316 SystemInfo:
12:05:51.0603 2316
12:05:51.0603 2316 OS Version: 6.0.6002 ServicePack: 2.0
12:05:51.0603 2316 Product type: Workstation
12:05:51.0604 2316 ComputerName: ZEKE-PC
12:05:51.0604 2316 UserName: Zeke
12:05:51.0604 2316 Windows directory: C:\Windows
12:05:51.0604 2316 System windows directory: C:\Windows
12:05:51.0604 2316 Running under WOW64
12:05:51.0604 2316 Processor architecture: Intel x64
12:05:51.0604 2316 Number of processors: 2
12:05:51.0604 2316 Page size: 0x1000
12:05:51.0604 2316 Boot type: Normal boot
12:05:51.0604 2316 ============================================================
12:05:52.0290 2316 Initialize success
12:05:53.0729 4684 ============================================================
12:05:53.0729 4684 Scan started
12:05:53.0729 4684 Mode: Manual;
12:05:53.0729 4684 ============================================================
12:05:56.0930 4684 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
12:05:56.0946 4684 ACPI - ok
12:05:57.0052 4684 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
12:05:57.0059 4684 adp94xx - ok
12:05:57.0104 4684 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
12:05:57.0110 4684 adpahci - ok
12:05:57.0138 4684 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
12:05:57.0143 4684 adpu160m - ok
12:05:57.0179 4684 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
12:05:57.0183 4684 adpu320 - ok
12:05:57.0263 4684 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
12:05:57.0298 4684 AFD - ok
12:05:57.0344 4684 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
12:05:57.0348 4684 agp440 - ok
12:05:57.0409 4684 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
12:05:57.0414 4684 aic78xx - ok
12:05:57.0456 4684 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
12:05:57.0458 4684 aliide - ok
12:05:57.0471 4684 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
12:05:57.0474 4684 amdide - ok
12:05:57.0502 4684 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
12:05:57.0505 4684 AmdK8 - ok
12:05:57.0569 4684 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
12:05:57.0573 4684 arc - ok
12:05:57.0614 4684 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
12:05:57.0617 4684 arcsas - ok
12:05:57.0653 4684 AsDsm (7c00a16745957b42ae47b8a47e33a2c3) C:\Windows\system32\drivers\AsDsm.sys
12:05:57.0655 4684 AsDsm - ok
12:05:57.0699 4684 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
12:05:57.0700 4684 ASMMAP64 - ok
12:05:57.0794 4684 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
12:05:57.0799 4684 AsyncMac - ok
12:05:57.0855 4684 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
12:05:57.0857 4684 atapi - ok
12:05:57.0907 4684 Beep - ok
12:05:58.0017 4684 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
12:05:58.0020 4684 blbdrive - ok
12:05:58.0092 4684 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
12:05:58.0097 4684 bowser - ok
12:05:58.0115 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
12:05:58.0118 4684 BrFiltLo - ok
12:05:58.0134 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
12:05:58.0137 4684 BrFiltUp - ok
12:05:58.0165 4684 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
12:05:58.0168 4684 Brserid - ok
12:05:58.0207 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
12:05:58.0211 4684 BrSerWdm - ok
12:05:58.0234 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
12:05:58.0236 4684 BrUsbMdm - ok
12:05:58.0252 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
12:05:58.0255 4684 BrUsbSer - ok
12:05:58.0269 4684 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
12:05:58.0272 4684 BTHMODEM - ok
12:05:58.0391 4684 catchme - ok
12:05:58.0418 4684 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
12:05:58.0422 4684 cdfs - ok
12:05:58.0536 4684 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
12:05:58.0541 4684 cdrom - ok
12:05:58.0614 4684 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
12:05:58.0617 4684 circlass - ok
12:05:58.0691 4684 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
12:05:58.0706 4684 CLFS - ok
12:05:58.0771 4684 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
12:05:58.0777 4684 CmBatt - ok
12:05:58.0809 4684 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
12:05:58.0812 4684 cmdide - ok
12:05:58.0844 4684 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
12:05:58.0846 4684 Compbatt - ok
12:05:58.0884 4684 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
12:05:58.0886 4684 crcdisk - ok
12:05:58.0983 4684 dfg - ok
12:05:59.0016 4684 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
12:05:59.0019 4684 DfsC - ok
12:05:59.0084 4684 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
12:05:59.0087 4684 disk - ok
12:05:59.0133 4684 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
12:05:59.0138 4684 Dot4 - ok
12:05:59.0177 4684 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:05:59.0181 4684 Dot4Print - ok
12:05:59.0217 4684 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
12:05:59.0221 4684 dot4usb - ok
12:05:59.0308 4684 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
12:05:59.0311 4684 drmkaud - ok
12:05:59.0347 4684 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:05:59.0350 4684 dtsoftbus01 - ok
12:05:59.0421 4684 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
12:05:59.0428 4684 DXGKrnl - ok
12:05:59.0481 4684 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
12:05:59.0485 4684 E1G60 - ok
12:05:59.0592 4684 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
12:05:59.0598 4684 Ecache - ok
12:05:59.0638 4684 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
12:05:59.0645 4684 elxstor - ok
12:05:59.0693 4684 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
12:05:59.0697 4684 ErrDev - ok
12:05:59.0784 4684 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
12:05:59.0789 4684 exfat - ok
12:05:59.0818 4684 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
12:05:59.0860 4684 fastfat - ok
12:05:59.0894 4684 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
12:05:59.0898 4684 fdc - ok
12:05:59.0913 4684 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
12:05:59.0916 4684 FileInfo - ok
12:05:59.0960 4684 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
12:05:59.0964 4684 Filetrace - ok
12:05:59.0990 4684 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:05:59.0993 4684 flpydisk - ok
12:06:00.0036 4684 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
12:06:00.0069 4684 FltMgr - ok
12:06:00.0152 4684 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
12:06:00.0157 4684 Fs_Rec - ok
12:06:00.0240 4684 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
12:06:00.0244 4684 gagp30kx - ok
12:06:00.0304 4684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:06:00.0307 4684 GEARAspiWDM - ok
12:06:00.0500 4684 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
12:06:00.0500 4684 ghaio - ok
12:06:00.0580 4684 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
12:06:00.0586 4684 HdAudAddService - ok
12:06:00.0740 4684 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:06:00.0783 4684 HDAudBus - ok
12:06:00.0806 4684 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
12:06:00.0811 4684 HidBth - ok
12:06:00.0833 4684 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
12:06:00.0838 4684 HidIr - ok
12:06:00.0895 4684 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
12:06:00.0899 4684 HidUsb - ok
12:06:00.0944 4684 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
12:06:00.0948 4684 HpCISSs - ok
12:06:01.0033 4684 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
12:06:01.0065 4684 HTTP - ok
12:06:01.0090 4684 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
12:06:01.0100 4684 i2omp - ok
12:06:01.0144 4684 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
12:06:01.0149 4684 i8042prt - ok
12:06:01.0182 4684 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
12:06:01.0186 4684 iaStor - ok
12:06:01.0246 4684 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
12:06:01.0273 4684 iaStorV - ok
12:06:01.0300 4684 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
12:06:01.0304 4684 iirsp - ok
12:06:01.0455 4684 IntcAzAudAddService (29c63bc0fbe776cde25c8293fb1e0f91) C:\Windows\system32\drivers\RTKVHD64.sys
12:06:01.0469 4684 IntcAzAudAddService - ok
12:06:01.0514 4684 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
12:06:01.0518 4684 intelide - ok
12:06:01.0559 4684 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
12:06:01.0561 4684 intelppm - ok
12:06:01.0609 4684 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:06:01.0614 4684 IpFilterDriver - ok
12:06:01.0640 4684 IpInIp - ok
12:06:01.0686 4684 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
12:06:01.0691 4684 IPMIDRV - ok
12:06:01.0714 4684 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
12:06:01.0719 4684 IPNAT - ok
12:06:01.0776 4684 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
12:06:01.0781 4684 IRENUM - ok
12:06:01.0816 4684 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
12:06:01.0820 4684 isapnp - ok
12:06:01.0878 4684 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
12:06:01.0883 4684 iScsiPrt - ok
12:06:01.0903 4684 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
12:06:01.0906 4684 iteatapi - ok
12:06:01.0976 4684 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
12:06:01.0983 4684 itecir - ok
12:06:02.0010 4684 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
12:06:02.0014 4684 iteraid - ok
12:06:02.0035 4684 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
12:06:02.0037 4684 kbdclass - ok
12:06:02.0084 4684 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
12:06:02.0087 4684 kbdhid - ok
12:06:02.0165 4684 kbfiltr (4c9b832435061634dfbeb980ad67bfff) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:06:02.0168 4684 kbfiltr - ok
12:06:02.0400 4684 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
12:06:02.0443 4684 KSecDD - ok
12:06:02.0548 4684 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
12:06:02.0553 4684 ksthunk - ok
12:06:02.0642 4684 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
12:06:02.0646 4684 lltdio - ok
12:06:02.0694 4684 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
12:06:02.0701 4684 LSI_FC - ok
12:06:02.0753 4684 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
12:06:02.0758 4684 LSI_SAS - ok
12:06:02.0801 4684 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
12:06:02.0807 4684 LSI_SCSI - ok
12:06:02.0848 4684 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
12:06:02.0854 4684 luafv - ok
12:06:02.0901 4684 lullaby (5fbb81e1ba7d07301787a489962f4b9e) C:\Windows\system32\DRIVERS\lullaby.sys
12:06:02.0904 4684 lullaby - ok
12:06:02.0912 4684 MBAMProtector - ok
12:06:02.0977 4684 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
12:06:02.0982 4684 megasas - ok
12:06:03.0135 4684 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
12:06:03.0171 4684 MegaSR - ok
12:06:03.0202 4684 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
12:06:03.0209 4684 Modem - ok
12:06:03.0304 4684 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
12:06:03.0307 4684 monitor - ok
12:06:03.0437 4684 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
12:06:03.0441 4684 mouclass - ok
12:06:03.0527 4684 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
12:06:03.0535 4684 mouhid - ok
12:06:03.0581 4684 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
12:06:03.0586 4684 MountMgr - ok
12:06:03.0664 4684 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
12:06:03.0670 4684 mpio - ok
12:06:03.0699 4684 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
12:06:03.0704 4684 mpsdrv - ok
12:06:03.0766 4684 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
12:06:03.0771 4684 Mraid35x - ok
12:06:03.0810 4684 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
12:06:03.0815 4684 MRxDAV - ok
12:06:03.0850 4684 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:06:03.0855 4684 mrxsmb - ok
12:06:03.0892 4684 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:06:03.0934 4684 mrxsmb10 - ok
12:06:03.0956 4684 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:06:03.0960 4684 mrxsmb20 - ok
12:06:04.0036 4684 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
12:06:04.0039 4684 msahci - ok
12:06:04.0071 4684 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
12:06:04.0077 4684 msdsm - ok
12:06:04.0095 4684 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
12:06:04.0101 4684 Msfs - ok
12:06:04.0155 4684 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
12:06:04.0159 4684 msisadrv - ok
12:06:04.0218 4684 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
12:06:04.0223 4684 MSKSSRV - ok
12:06:04.0253 4684 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
12:06:04.0259 4684 MSPCLOCK - ok
12:06:04.0287 4684 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
12:06:04.0294 4684 MSPQM - ok
12:06:04.0407 4684 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
12:06:04.0449 4684 MsRPC - ok
12:06:04.0470 4684 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
12:06:04.0474 4684 mssmbios - ok
12:06:04.0557 4684 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
12:06:04.0563 4684 MSTEE - ok
12:06:04.0625 4684 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
12:06:04.0626 4684 MTsensor - ok
12:06:04.0703 4684 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
12:06:04.0709 4684 Mup - ok
12:06:04.0795 4684 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
12:06:04.0803 4684 NativeWifiP - ok
12:06:05.0015 4684 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
12:06:05.0076 4684 NDIS - ok
12:06:05.0134 4684 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
12:06:05.0139 4684 NdisTapi - ok
12:06:05.0158 4684 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
12:06:05.0164 4684 Ndisuio - ok
12:06:05.0230 4684 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
12:06:05.0269 4684 NdisWan - ok
12:06:05.0288 4684 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
12:06:05.0294 4684 NDProxy - ok
12:06:05.0359 4684 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
12:06:05.0365 4684 NetBIOS - ok
12:06:05.0415 4684 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
12:06:05.0422 4684 netbt - ok
12:06:05.0846 4684 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
12:06:05.0958 4684 NETw5v64 - ok
12:06:06.0010 4684 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
12:06:06.0016 4684 nfrd960 - ok
12:06:06.0109 4684 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
12:06:06.0115 4684 Npfs - ok
12:06:06.0145 4684 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
12:06:06.0151 4684 nsiproxy - ok
12:06:06.0508 4684 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
12:06:06.0550 4684 Ntfs - ok
12:06:06.0618 4684 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
12:06:06.0624 4684 Null - ok
12:06:06.0744 4684 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
12:06:06.0749 4684 NVHDA - ok
12:06:08.0172 4684 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:06:08.0260 4684 nvlddmkm - ok
12:06:08.0445 4684 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
12:06:08.0449 4684 nvoclk64 - ok
12:06:08.0537 4684 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
12:06:08.0543 4684 nvraid - ok
12:06:08.0571 4684 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
12:06:08.0576 4684 nvstor - ok
12:06:08.0643 4684 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
12:06:08.0649 4684 nv_agp - ok
12:06:08.0659 4684 NwlnkFlt - ok
12:06:08.0674 4684 NwlnkFwd - ok
12:06:08.0773 4684 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
12:06:08.0778 4684 ohci1394 - ok
12:06:08.0839 4684 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
12:06:08.0846 4684 Parport - ok
12:06:08.0887 4684 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
12:06:08.0893 4684 partmgr - ok
12:06:08.0936 4684 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
12:06:08.0942 4684 pci - ok
12:06:08.0981 4684 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
12:06:08.0985 4684 pciide - ok
12:06:09.0019 4684 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
12:06:09.0072 4684 pcmcia - ok
12:06:09.0278 4684 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
12:06:09.0341 4684 PEAUTH - ok
12:06:09.0450 4684 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
12:06:09.0458 4684 PptpMiniport - ok
12:06:09.0478 4684 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
12:06:09.0483 4684 Processor - ok
12:06:09.0517 4684 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
12:06:09.0524 4684 PSched - ok
12:06:09.0559 4684 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
12:06:09.0563 4684 pxkbf - ok
12:06:09.0620 4684 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
12:06:09.0626 4684 pxrts - ok
12:06:09.0643 4684 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
12:06:09.0648 4684 pxscan - ok
12:06:09.0777 4684 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
12:06:09.0807 4684 ql2300 - ok
12:06:09.0871 4684 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
12:06:09.0879 4684 ql40xx - ok
12:06:09.0911 4684 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
12:06:09.0916 4684 QWAVEdrv - ok
12:06:09.0979 4684 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
12:06:09.0984 4684 RasAcd - ok
12:06:10.0049 4684 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:06:10.0055 4684 Rasl2tp - ok
12:06:10.0110 4684 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
12:06:10.0116 4684 RasPppoe - ok
12:06:10.0143 4684 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
12:06:10.0149 4684 RasSstp - ok
12:06:10.0187 4684 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
12:06:10.0214 4684 rdbss - ok
12:06:10.0244 4684 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:06:10.0250 4684 RDPCDD - ok
12:06:10.0273 4684 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
12:06:10.0319 4684 rdpdr - ok
12:06:10.0338 4684 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
12:06:10.0344 4684 RDPENCDD - ok
12:06:10.0378 4684 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
12:06:10.0415 4684 RDPWD - ok
12:06:10.0492 4684 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
12:06:10.0499 4684 rimmptsk - ok
12:06:10.0518 4684 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
12:06:10.0523 4684 rimsptsk - ok
12:06:10.0541 4684 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
12:06:10.0546 4684 rismxdp - ok
12:06:10.0592 4684 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
12:06:10.0601 4684 RsFx0103 - ok
12:06:10.0623 4684 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
12:06:10.0630 4684 rspndr - ok
12:06:10.0703 4684 RTL8169 (a2cbe070fba458357acef41c3f3906ca) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:06:10.0711 4684 RTL8169 - ok
12:06:10.0742 4684 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
12:06:10.0751 4684 sbp2port - ok
12:06:10.0822 4684 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
12:06:10.0829 4684 sdbus - ok
12:06:10.0875 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:06:10.0882 4684 secdrv - ok
12:06:10.0926 4684 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
12:06:10.0932 4684 Serenum - ok
12:06:10.0952 4684 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
12:06:10.0958 4684 Serial - ok
12:06:10.0981 4684 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
12:06:10.0986 4684 sermouse - ok
12:06:11.0013 4684 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
12:06:11.0020 4684 sffdisk - ok
12:06:11.0036 4684 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
12:06:11.0042 4684 sffp_mmc - ok
12:06:11.0063 4684 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
12:06:11.0069 4684 sffp_sd - ok
12:06:11.0089 4684 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
12:06:11.0094 4684 sfloppy - ok
12:06:11.0115 4684 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
12:06:11.0121 4684 SiSRaid2 - ok
12:06:11.0140 4684 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
12:06:11.0148 4684 SiSRaid4 - ok
12:06:11.0213 4684 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
12:06:11.0221 4684 Smb - ok
12:06:11.0530 4684 SNP2UVC (0f8d8fe3a4ce42b11e9dfc1bd72756f6) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:06:11.0545 4684 SNP2UVC - ok
12:06:11.0617 4684 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
12:06:11.0622 4684 spldr - ok
12:06:11.0724 4684 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
12:06:11.0754 4684 srv - ok
12:06:11.0796 4684 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
12:06:11.0822 4684 srv2 - ok
12:06:11.0836 4684 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
12:06:11.0844 4684 srvnet - ok
12:06:11.0935 4684 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
12:06:11.0940 4684 swenum - ok
12:06:11.0974 4684 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
12:06:11.0983 4684 Symc8xx - ok
12:06:12.0015 4684 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
12:06:12.0023 4684 Sym_hi - ok
12:06:12.0033 4684 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
12:06:12.0040 4684 Sym_u3 - ok
12:06:12.0064 4684 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
12:06:12.0071 4684 SynTP - ok
12:06:12.0255 4684 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
12:06:12.0306 4684 Tcpip - ok
12:06:12.0493 4684 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
12:06:12.0506 4684 Tcpip6 - ok
12:06:12.0610 4684 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
12:06:12.0618 4684 tcpipreg - ok
12:06:12.0642 4684 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
12:06:12.0648 4684 TDPIPE - ok
12:06:12.0715 4684 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
12:06:12.0722 4684 TDTCP - ok
12:06:12.0762 4684 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
12:06:12.0770 4684 tdx - ok
12:06:12.0826 4684 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
12:06:12.0832 4684 TermDD - ok
12:06:12.0895 4684 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:06:12.0902 4684 tssecsrv - ok
12:06:12.0945 4684 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
12:06:12.0952 4684 tunmp - ok
12:06:12.0983 4684 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
12:06:12.0989 4684 tunnel - ok
12:06:13.0018 4684 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
12:06:13.0025 4684 uagp35 - ok
12:06:13.0059 4684 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
12:06:13.0068 4684 udfs - ok
12:06:13.0091 4684 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
12:06:13.0098 4684 uliagpkx - ok
12:06:13.0125 4684 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
12:06:13.0153 4684 uliahci - ok
12:06:13.0188 4684 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
12:06:13.0198 4684 UlSata - ok
12:06:13.0227 4684 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
12:06:13.0234 4684 ulsata2 - ok
12:06:13.0249 4684 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
12:06:13.0259 4684 umbus - ok
12:06:13.0355 4684 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:06:13.0363 4684 USBAAPL64 - ok
12:06:13.0397 4684 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
12:06:13.0405 4684 usbaudio - ok
12:06:13.0470 4684 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
12:06:13.0479 4684 usbccgp - ok
12:06:13.0497 4684 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
12:06:13.0504 4684 usbcir - ok
12:06:13.0539 4684 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
12:06:13.0547 4684 usbehci - ok
12:06:13.0580 4684 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
12:06:13.0589 4684 usbhub - ok
12:06:13.0613 4684 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
12:06:13.0619 4684 usbohci - ok
12:06:13.0641 4684 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
12:06:13.0647 4684 usbprint - ok
12:06:13.0673 4684 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:06:13.0683 4684 USBSTOR - ok
12:06:13.0695 4684 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
12:06:13.0702 4684 usbuhci - ok
12:06:13.0751 4684 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
12:06:13.0759 4684 usbvideo - ok
12:06:13.0816 4684 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
12:06:13.0824 4684 vga - ok
12:06:13.0879 4684 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
12:06:13.0886 4684 VgaSave - ok
12:06:13.0906 4684 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
12:06:13.0916 4684 viaide - ok
12:06:13.0951 4684 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
12:06:13.0960 4684 volmgr - ok
12:06:13.0987 4684 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
12:06:14.0002 4684 volmgrx - ok
12:06:14.0025 4684 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
12:06:14.0037 4684 volsnap - ok
12:06:14.0070 4684 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
12:06:14.0077 4684 vsmraid - ok
12:06:14.0105 4684 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
12:06:14.0113 4684 WacomPen - ok
12:06:14.0166 4684 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:06:14.0175 4684 Wanarp - ok
12:06:14.0181 4684 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:06:14.0188 4684 Wanarpv6 - ok
12:06:14.0213 4684 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
12:06:14.0221 4684 Wd - ok
12:06:14.0250 4684 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
12:06:14.0266 4684 Wdf01000 - ok
12:06:14.0337 4684 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:06:14.0344 4684 WmiAcpi - ok
12:06:14.0415 4684 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
12:06:14.0423 4684 WpdUsb - ok
12:06:14.0450 4684 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
12:06:14.0459 4684 ws2ifsl - ok
12:06:14.0561 4684 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:06:14.0570 4684 WUDFRd - ok
12:06:14.0660 4684 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
12:06:14.0700 4684 xnacc - ok
12:06:14.0767 4684 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
12:06:14.0786 4684 yukonx64 - ok
12:06:14.0860 4684 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
12:06:14.0880 4684 \Device\Harddisk0\DR0 - ok
12:06:14.0884 4684 Boot (0x1200) (2d7ec30642f5622014057dcbc977028b) \Device\Harddisk0\DR0\Partition0
12:06:14.0885 4684 \Device\Harddisk0\DR0\Partition0 - ok
12:06:14.0887 4684 ============================================================
12:06:14.0887 4684 Scan finished
12:06:14.0887 4684 ============================================================
12:06:14.0902 0320 Detected object count: 0
12:06:14.0902 0320 Actual detected object count: 0
 
We need to reset your MBR.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run aswMBR again and post its log.
 
so i have a lot of school work and other things so it might take me a day or two to get a blank cd hopefully not too long though
 
Sorry for being so late

Hey sorry for being so late with this post, finals and stuff, just so you know iexplore.exe is now not showing up in processes and my cpu has been fine. Thank you so much for helping me get over this annoying problem.
 
Status
Not open for further replies.

Similar threads

S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
W
Solved HackTool:Wind32/Mailpassview found
Replies
10
Views
5K
Broni
Broni

Latest posts

Back