[Closed] Windows Security Center service could not be started

signofzeta

OK, I posted the exact same thing in the "BSOD" section of the forums, and if you don't think the whole Windows security couldn't start thing is a cause of a virus, then you can close the one in the "BSOD" section of the forums and keep this one open. Anyway, here is what I have. I also want some lurking threats removed, if there are any.

Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
George :: GEORGEGAMINGPC [administrator]

2/11/2012 4:27:20 PM
mbam-log-2012-02-11 (16-27-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207254
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 08:41:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303
Running: gtoqqskx.exe; Driver: C:\Users\George\AppData\Local\Temp\axdyqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 90493C5E ZwCreateSection
SSDT 90493C68 ZwRequestWaitReplyPort
SSDT 90493C63 ZwSetContextThread
SSDT 90493C6D ZwSetSecurityObject
SSDT 90493C72 ZwSystemDebugControl
SSDT 90493BFF ZwTerminateProcess

INT 0x51 ? 85B92BF8
INT 0x52 ? 8749FBF8
INT 0x62 ? 8749FBF8
INT 0x72 ? 8749FBF8
INT 0xB2 ? 85B92BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 830F4998 4 Bytes [5E, 3C, 49, 90] {POP ESI; CMP AL, 0x49; NOP }
.text ntkrnlpa.exe!KeSetEvent + 539 830F4CBC 4 Bytes [68, 3C, 49, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 830F4CF0 4 Bytes [63, 3C, 49, 90] {ARPL [ECX+ECX*2], DI; NOP }
.text ntkrnlpa.exe!KeSetEvent + 5D1 830F4D54 4 Bytes [6D, 3C, 49, 90] {INSD ; CMP AL, 0x49; NOP }
.text ntkrnlpa.exe!KeSetEvent + 619 830F4D9C 4 Bytes [72, 3C, 49, 90] {JB 0x3e; DEC ECX; NOP }
.text ...
? System32\Drivers\spak.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 837CE41B 5 Bytes JMP 8749F1D8
.text axf7xfon.SYS 8F575000 22 Bytes [82, C3, 01, 83, 6C, C2, 01, ...]
.text axf7xfon.SYS 8F575017 84 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text axf7xfon.SYS 8F57506C 52 Bytes [A0, EE, 08, 83, 98, EE, 0E, ...]
.text axf7xfon.SYS 8F5750A1 29 Bytes [10, 0F, 83, 74, 06, 09, 83, ...]
.text axf7xfon.SYS 8F5750BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3116] SHELL32.dll!SHFileOperationW 762068E8 5 Bytes JMP 03651102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806966D6] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80696042] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80696800] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806960C0] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069613E] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A5E9C] \SystemRoot\System32\Drivers\spak.sys
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortUchar] 838F59AF
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F5980
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\axf7xfon.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865251F8
Device \FileSystem\fastfat \FatCdrom 8B1FD1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 865221F8
Device \Driver\usbohci \Device\USBPDO-0 877341F8
Device \Driver\usbohci \Device\USBPDO-1 877341F8
Device \Driver\usbehci \Device\USBPDO-2 8765F500
Device \Driver\PCI_PNP6875 \Device\00000055 spak.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{F30F37EC-794C-4650-A5AB-1880BB88B0BA} 87B8D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 865221F8
Device \Driver\volmgr \Device\HarddiskVolume2 865221F8
Device \Driver\cdrom \Device\CdRom0 877351F8
Device \Driver\sptd \Device\3005320884 spak.sys
Device \Driver\volmgr \Device\HarddiskVolume3 865221F8
Device \Driver\cdrom \Device\CdRom1 877351F8
Device \Driver\cdrom \Device\CdRom2 877351F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87B8D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A0BBAC67-483F-495C-AC61-DBB492CA07A9} 87B8D1F8
Device \Driver\Smb \Device\NetbiosSmb 87E7C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 87751500
Device \Driver\usbohci \Device\USBFDO-0 877341F8
Device \Driver\usbohci \Device\USBFDO-1 877341F8
Device \Driver\usbehci \Device\USBFDO-2 8765F500
Device \Driver\axf7xfon \Device\Scsi\axf7xfon1 877C51F8
Device \Driver\axf7xfon \Device\Scsi\axf7xfon1Port4Path0Target1Lun0 877C51F8
Device \Driver\axf7xfon \Device\Scsi\axf7xfon1Port4Path0Target0Lun0 877C51F8
Device \FileSystem\fastfat \Fat 8B1FD1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs A3F7D1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d60c5c31d
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x43 0x1A 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0xFD 0xC3 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xD0 0x71 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x4A 0xEA 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF9 0x28 0xF0 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5F 0x79 0xFD 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x43 0x1A 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x49 0xFD 0xC3 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xD0 0x71 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x4A 0xEA 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF9 0x28 0xF0 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5F 0x79 0xFD 0x56 ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
File C:\Windows\$NtUninstallKB56683$\1151941440 0 bytes
File C:\Windows\$NtUninstallKB56683$\26205412 0 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\@ 2048 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\bckfg.tmp 863 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\cfg.ini 185 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\keywords 26 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\L 0 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\L\qnbwvoto 75264 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U 0 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB56683$\26205412\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Run by George at 9:13:12 on 2012-02-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1226 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\seagate\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\seagate\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MaxMenuMgr] "c:\seagate\freeagent status\StxMenuMgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{dc905847-d537-427f-bf91-47cc7accde58}\_DF3A81D17C478A2A6C60A5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA} : DhcpNameServer = 10.0.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\tkl96nqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64242
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\george\appdata\roaming\mozilla\plugins\npicaN.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-4-7 15416]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-31 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-31 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-31 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-1-31 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-31 74640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\seagate\sync\FreeAgentService.exe [2009-9-25 189736]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-19 5120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-8 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe --> d:\dragonageorigins\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-7 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-31 14:10:07 -------- d-----w- c:\users\george\appdata\local\AskToolbar
2012-01-31 14:04:14 -------- d-----w- c:\users\george\appdata\roaming\Avira
2012-01-31 13:58:15 -------- d-----w- c:\program files\Ask.com
2012-01-31 13:57:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-31 13:57:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-31 13:57:31 -------- d-----w- c:\programdata\Avira
2012-01-31 13:57:31 -------- d-----w- c:\program files\Avira
2012-01-17 13:43:20 -------- d-----w- c:\users\george\appdata\roaming\Kalaaf
2012-01-17 13:43:20 -------- d-----w- c:\users\george\appdata\roaming\Appe
.
==================== Find3M ====================
.
2012-02-11 15:21:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-09 09:56:42 189744 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-09 09:56:38 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-04 01:13:20 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-02 10:23:32 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 9:14:21.03 ===============
 
attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2009 9:35:04 AM
System Uptime: 2/11/2012 9:20:30 AM (24 hours ago)
.
Motherboard: PEGATRON CORPORATION | | F50SV
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 11.079 GiB free.
D: is FIXED (NTFS) - 105 GiB total, 13.952 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP850: 2/11/2012 5:21:18 PM - Scheduled Checkpoint
RP851: 2/12/2012 5:27:09 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
Ask Toolbar
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear eXtreme
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
BitComet 1.12
Brink
Call of Duty Modern Warfare 2
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Company of Heroes
CyberLink LabelPrint
CyberLink Power2Go
Dolby Control Center
Doom 3
Doom 3 (TM) Demo
DOOM 3: Resurrection of Evil
DOOM II: Hell on Earth
DOSShell 1.4
Dragon Age: Origins
Explorer Suite III
Express Gate
Fallout 3
Fallout Mod Manager 0.11.9
Game Scanner
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HeXen: Deathkings of the Dark Citadel
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
LightScribe System Software 1.14.17.1
Logitech Gaming Software
Magic Online
Magic: The Gathering - Duels of the Planeswalkers Demo
Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
Malwarebytes Anti-Malware version 1.60.1.1000
Marvel(TM) - Ultimate Alliance
MATLAB R2009b
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Simplified)) 2007
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Help ¸üР(KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2007 Help ¸üР(KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help ¸üР(KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NBA 2K11
NBA 2K12
NVIDIA Drivers
NVIDIA PhysX
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - The Fighter's Stronghold
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenOffice.org 3.1
Picasa 2
PunkBuster Services
Python 2.5.2
Qtracker
Quake 4(TM) Demo
Quake Live Mozilla Plugin
QuickTime
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Return to Castle Wolfenstein Multiplayer DEMO
Samsung SCX-4x21 Series
SanctionedMedia
Seagate Manager Installer
SecureW2 EAP Suite 1.1.3 for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skulltag
Skype Toolbars
Skype™ 5.0
Steam
Synaptics Pointing Device Driver
TextPad 4.7
The Ultimate DOOM
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
USB 2.0 1.3M UVC WebCam
Vista Codec Package
Warcraft II BNE
Winamp
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinRAR archiver
Wireless Console 2
Wolfenstein
Wolfenstein - Enemy Territory
Wolfenstein 3D: Spear of Destiny
Wolfenstein Demo
Wolfenstein(TM) 1.1 Patch
Wolfenstein(TM) 1.1 Patch
Wolfenstein(TM) 1.2 Patch
Wolfenstein(TM) 1.2 Patch
Wolfenstein(TM) Demo
wxPython 2.8.7.1 (ansi) for Python 2.5
Xfire (remove only)
YDKJ The 5th Dementia
You Don't Know Jack - Sports 1.0
You Don't Know Jack - Volume 2 1.0
You Don't Know Jack - XL 1.0
You Don't Know Jack 4 1.00
YOU DON'T KNOW JACK Louder! Faster! Funnier!
YOU DON'T KNOW JACK Offline
YOU DON'T KNOW JACK Volume 3
You Don't Know Jack®
Yu-Gi-Oh! ONLINE 3
.
==== End Of File ===========================
 
You do have some malware. However, we will have to look further to determine the extent of it.

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================
Please leave logs for Combofix and Eset scan in next reply.
==============================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
=====================================
I have deleted your other thread.
 
If it ran, there is a log.

When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.

If you cannot find C:\Combofix.txt on your system, please update and run the program again.
 
ok, I ran the program twice, and in both scenarios, it doesn't give me a log, nor does C:\ComboFix.txt exist.

Combofix never told me to update the program, and when it started, it said it failed to get data from EnableLUA. And then it said that again. Then it created a system restore point, and backed up my registry. Then it started scanning.

What happened is that it detected a Rootkit ZeroAccess, or whatever it was called, and when the scan was done, it rebooted the machine, because it had to deal with the rootkit, whether it was Zero Access or not, I don't know. When I went back in, it just rebooted normally, and ComboFix didn't run, nor did a txt file pop up.

It could mean that there is another program that runs during startup, that is blocking the txt file from popping up.
 
Please run this instead:
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below > Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL

OTL logfile created on: 2/12/2012 8:00:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
6.19 Gb Paging File | 5.32 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 9.68 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 13.79 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64242
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 14:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 01:21:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

[2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/01/31 07:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
[2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/18 11:39:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
[2012/01/31 08:12:36 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\toolbar@ask.com
[2011/12/24 18:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\trash
[2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/30 14:51:53 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/08 01:21:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 13:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 19:03:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/12 16:07:36 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2012/02/12 12:00:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 12:00:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 12:00:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 11:59:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
[2012/01/31 08:04:14 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Avira
[2012/01/31 07:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/01/31 07:57:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/01/31 07:57:32 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/01/31 07:57:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/01/31 07:57:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/01/30 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Help
[2012/01/17 07:43:20 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Kalaaf
[2012/01/17 07:43:20 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Appe
[2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2012/02/12 19:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 19:51:45 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/02/12 19:51:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/02/12 19:50:59 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/02/12 19:50:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 19:50:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 19:50:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 19:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 19:50:11 | 3218,378,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 18:58:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/12 16:07:42 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/12 08:49:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
[2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 19:13:20 | 000,139,904 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/31 07:58:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/24 17:22:27 | 000,009,391 | ---- | M] () -- C:\Users\George\Documents\propassign2.ods

========== Files Created - No Company Name ==========

[2012/02/12 19:50:11 | 3218,378,752 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 12:00:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 12:00:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 12:00:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 12:00:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 12:00:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 07:58:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/24 17:22:24 | 000,009,391 | ---- | C] () -- C:\Users\George\Documents\propassign2.ods
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
[2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
[2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
[2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
[2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
[2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
[2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
[2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
[2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
[2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
[2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
[2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
[2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
[2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
[2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
[2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
[2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
[2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
[2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
[2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
[2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
[2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
[2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
[2012/02/12 18:58:01 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/12 08:49:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/07 09:14:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/07 09:14:22 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/07 09:14:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
 
Extras

OTL Extras logfile created on: 2/12/2012 8:00:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
6.19 Gb Paging File | 5.32 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 9.68 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 13.79 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C52FC6D-DDA0-449B-AEC5-F633C4B46949}" = rport=137 | protocol=17 | dir=out | app=system |
"{2715E5D6-45F5-4BBE-86D5-1F9A9984E440}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{33B5BEBA-12C7-4903-AE27-BB2D5FABFC34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3BEF2574-C28C-4BFD-9374-D61CB9CC40D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3C1537BE-4688-480B-A9E8-B999B0A3DC96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{523AAD6D-387E-4A19-A118-8B35BAD158B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6449DF27-1FB3-4E56-98CE-9BA8732E5B87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{73C8C21E-FDC3-4F52-970F-9B57D3EB678F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B391E1E-0A9F-4EBC-9936-77F4780CFA3A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D6E5446-50F3-4E4D-930B-3D16159720E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D72E679-15B5-4ADF-8E38-2F058E4F93E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{928C903F-704E-469C-80C1-8AE46936C437}" = rport=139 | protocol=6 | dir=out | app=system |
"{951805EC-CBCD-436C-8F56-0807A5D0938D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A63DA011-90A4-4A18-B707-4A11FAF221FD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AAD44075-0354-4B59-8A5C-1FDEC190A761}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAF14C3A-7576-4ABE-BFDE-9209D1B935FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{ABE38D0C-98F6-4AEA-82DD-D7FDB2D6A03B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B364C00B-A361-44D3-86F7-4FF4F37B0CAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9979E35-E34A-4A9F-B64C-E54FD87CD377}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB1AEF5B-9611-4FB6-B961-66C723989F47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2776AAA-D99D-40E7-9600-EAA3B69B0709}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000685FE-EA87-4B99-8350-6672F7F27E85}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
"{01776907-0AB1-406F-A904-FD74E5D3A16C}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{0223F631-6E6B-401C-83D4-4B1768893AA3}" = protocol=6 | dir=in | app=d:\skulltag\doomseeker.exe |
"{02B190D6-5AD3-4FED-BB41-F3593C18945C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
"{04B4A29E-0955-4755-9135-F7889428A1BB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{09477CEA-5A47-441F-9AF8-A0F1D3C9A8FF}" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mplite.exe |
"{0AB1B388-8A00-4B51-99EF-D3E01056B544}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m1 - spear of destiny.bat |
"{0AF7EF67-013F-4DA7-9458-54E25DA43F97}" = protocol=17 | dir=in | app=c:\games\wolfenstein\mp\wolf2mp.exe |
"{0CD8E558-76BF-4FB1-9912-BEFB543AA75B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
"{0DD81BE3-E19C-442C-A943-14C23F49D0C6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{113411AA-074E-4255-B959-6F7AA7255EF9}" = protocol=17 | dir=in | app=c:\program files\skulltag\skulltag.exe |
"{1160D574-1955-4BA5-9449-CE374022D00E}" = protocol=6 | dir=in | app=c:\users\george\appdata\local\temp\7zs8552.tmp\symnrt.exe |
"{12B98A7B-CC51-4D89-B293-4AD9B288C5A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15721D59-C2A1-4FBB-9A1B-F9050B4B5065}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate + mouse.bat |
"{1BCEA41F-E73A-4153-96FE-94CD6E678F86}" = protocol=6 | dir=in | app=d:\nba2k11\nba2k11.exe |
"{208A909C-4AF2-41E3-8B45-D5455F506D83}" = protocol=17 | dir=in | app=d:\wizards of the coast\magic online\renamer.exe |
"{2123ACEC-B5D0-4874-8138-D89BF1C548B8}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
"{22864F72-EFEB-491E-A32E-0FC45761C956}" = protocol=6 | dir=in | app=c:\program files\skulltag\skulltag.exe |
"{24AB5BB1-6FB3-44B0-B384-862C6EFC43BD}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m1 - spear of destiny.bat |
"{252BC8B1-9495-42A2-8087-A70B578B630E}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"{26184C19-4422-42C9-BB67-EE4E75DCA211}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m3 - ultimate challenge.bat |
"{28D1BFB1-F1D2-4415-8279-DC92B8CE7EE5}" = protocol=6 | dir=in | app=c:\games\wolfenstein\mp\wolf2mp.exe |
"{2F2178D1-12B1-4FD6-86AD-C3B7F947FAE3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |
"{34B5337F-929B-4DD3-858A-7501698FEEDA}" = protocol=17 | dir=in | app=d:\skulltag\rcon_utility.exe |
"{369E3C2F-B938-4297-88FA-AA39435457E3}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{36D4114C-5CAE-431D-BEFB-9B6BEA514931}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{36E69257-9DB6-4F83-B930-551EEC4C3455}" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
"{3B3469FF-E83E-4903-9B19-0C168D3E1876}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate.bat |
"{3DDF8654-51E3-4E8B-A19F-397685073C26}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3F731AB9-1A15-4EE0-B4EE-4F042275F43B}" = protocol=17 | dir=in | app=c:\games\wolfenstein\mp\wolf2mplite.exe |
"{4055C909-81C2-4F9F-A7FD-EDE4E98D7353}" = protocol=17 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
"{446A5703-3069-42F4-B3E9-C86ACFD0B9F5}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{4597D26C-E198-4DAA-848D-C5EA166EB8E9}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m2 - return to danger.bat |
"{4FCE69AF-75BD-4342-8A1A-01BD794D1DCD}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\dotp demo\dotp.exe |
"{54058D50-0E31-4105-BE17-6ACFB7F81B50}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{5D673323-97E1-417F-AC52-68E81C582E7E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hexen\hexen.bat |
"{5E9F1C3F-64D5-46BA-B369-D6F246661626}" = protocol=6 | dir=in | app=c:\program files\skulltag\rcon_utility.exe |
"{62EBEA82-D4CC-4596-ACA8-A439E4E3073F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{64A49419-4BB8-43FA-AA21-0A2E62B1ECF7}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{67273900-A25D-4939-8D58-DCBB2125A6AC}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\hexen deathkings of the dark citadel\hexendk.bat |
"{675A5E52-8974-49A3-8C95-D7733CEDDEC9}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\dotp demo\dotp.exe |
"{6A5EA69D-D515-44F5-9FDF-82B305B25D4B}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{6E04EFE9-9188-40F8-93D6-5FF80434C490}" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mplite.exe |
"{70E77C02-AA0D-4522-86DE-BE06E8714F5E}" = protocol=6 | dir=in | app=c:\games\wolfenstein\mp\wolf2mplite.exe |
"{76636E90-2644-4E9E-855F-0F481BDB9A2C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hexen\hexen.bat |
"{7718183D-2C88-4A0D-A03F-8521766FBB76}" = protocol=6 | dir=in | app=d:\konami\yu-gi-oh! online 3\yo3.exe |
"{7B6B767A-CEC3-4B76-9419-7A95A9432BC2}" = protocol=17 | dir=in | app=c:\program files\skulltag\idese.exe |
"{7D85B3B3-1264-4417-8A86-86AEEDEAF4B0}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\master levels of doom\master.bat |
"{7E495C3F-5851-4E38-9ADD-903C8DAC3D3B}" = protocol=17 | dir=in | app=c:\users\george\appdata\local\temp\7zs8552.tmp\symnrt.exe |
"{7EF73771-639B-4635-A4E9-27A170618D1D}" = protocol=17 | dir=in | app=d:\skulltag\doomseeker.exe |
"{810D0179-88D9-49DD-8CEE-70E63A8EC912}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe |
"{82959583-A305-455B-8E18-4D77EB59CBAC}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daorigins.exe |
"{8568C7C9-92AA-4E92-B8FF-A45F67963803}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daupdatersvc.service.exe |
"{913B5E1C-9E40-4282-9FB1-73FE31BA0DAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94E41FCD-27A8-498A-A1DB-02DCDE19FDFC}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
"{975125B1-DCD2-46F9-8628-F4D7EAC71B26}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"{9BF6840C-BB36-4424-A867-ED0A5CF48934}" = protocol=17 | dir=in | app=d:\nba2k12\nba2k12.exe |
"{9F0C9EC9-984D-4AF0-9280-DBEEDEB0C953}" = protocol=6 | dir=in | app=d:\wizards of the coast\magic online\renamer.exe |
"{9FB00EC0-D87D-4657-ABC0-10F74614EDEE}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
"{A22E20BB-A2EA-40DD-AA9E-0185185EB370}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A27337F0-8C66-41CD-989F-80EFE6BB99C2}" = protocol=6 | dir=in | app=d:\nba2k12\nba2k12.exe |
"{A950A53C-83A0-4384-9A50-898A433E9D7D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AF6AAC97-E91D-478E-A8DA-2033D3BCB338}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\bin_ship\daorigins.exe |
"{B213DD36-EE45-4EF7-BE00-D2740CA46036}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BB26310A-F91E-47CE-81F8-323020574515}" = protocol=6 | dir=in | app=d:\dragonageorigins\dragon age\daoriginslauncher.exe |
"{C0B8D2A3-22B6-49B5-BEF3-DA76E5A31B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C0D017BC-3646-4A0C-A4E9-644D9A3211CB}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m2 - return to danger.bat |
"{C31993E7-5811-4C6A-B648-8B2D97FD3075}" = protocol=17 | dir=in | app=d:\nba2k11\nba2k11.exe |
"{C584ABAF-C2CF-4330-B37A-A6856DFE7D99}" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
"{C5BBE8AC-5694-4B2C-ABD9-EBBD80D7C074}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate + mouse.bat |
"{CACDFB28-B598-45A9-A88E-164D38241DBC}" = protocol=6 | dir=in | app=c:\program files\skulltag\idese.exe |
"{CCAA94D7-7A59-41D8-AEAC-CA24EAEC7F8B}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\spear of destiny\m3 - ultimate challenge.bat |
"{CD643205-70B3-4002-89DD-9B2957120210}" = protocol=17 | dir=in | app=d:\skulltag\skulltag.exe |
"{D3BE4C43-B145-4630-85FF-EF31428D4A01}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D73E67E9-7D9C-4630-BFF3-8122003E5F83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DABCA86D-DD05-4FF2-960F-127D509E965A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBC02AFF-8846-4140-993B-BDF17C83CD5E}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\ultimate doom\ultimate.bat |
"{E5AE9367-DAB8-4FA3-B155-DE86FAE54050}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\magic 2012 demo\magic_2012.exe |
"{E7346F7D-E524-4D2C-9FD8-D9FB8692D008}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8D864F9-55AD-48BF-85C0-A39F049C2978}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
"{EA454E6C-01FA-4ABE-9920-25C5AF60903B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\doom 2\doom2.bat |
"{EFB18910-4A4D-4AA9-941D-6C1B587CB67C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F0BB3C6A-052C-45A5-8C00-8CFEFB21656D}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
"{F68DF5A2-31FA-48E9-B2FB-7457CDC6D0DA}" = protocol=17 | dir=in | app=d:\dragonageorigins\dragon age\daoriginslauncher.exe |
"{F79A0C99-BA32-4A60-BBD8-08F05E5B686D}" = protocol=17 | dir=in | app=d:\konami\yu-gi-oh! online 3\yo3.exe |
"{FD109E64-3608-489D-A361-7357EF0861E7}" = protocol=6 | dir=in | app=d:\skulltag\skulltag.exe |
"{FD7288DD-AE1C-4CDF-A320-CD7E0B324409}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\master levels of doom\master.bat |
"{FF2B20FD-5215-4520-A723-37C9A43CD72F}" = protocol=6 | dir=in | app=d:\skulltag\rcon_utility.exe |
"TCP Query User{00D683F9-FE1E-44A6-AF02-AD0B7CD95341}D:\nba2k12\nba2k12.exe" = protocol=6 | dir=in | app=d:\nba2k12\nba2k12.exe |
"TCP Query User{062F84E9-9E46-477C-BADD-291D4E51409C}C:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
"TCP Query User{09ADFD79-A5AA-4797-8162-7AAB42CFC222}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
"TCP Query User{1F3AD01D-CF2E-43F8-B302-D5007C92E851}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
"TCP Query User{309069FB-340B-488E-83EB-A7EBDAB86165}D:\hexen ii\glh2.exe" = protocol=6 | dir=in | app=d:\hexen ii\glh2.exe |
"TCP Query User{32134200-A217-49A8-A29E-5A0BF3F5ABE6}C:\users\george\desktop\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\downloads\mtgoiii_helper.exe |
"TCP Query User{34629EC6-7430-4B5D-88B1-6AD75E352E4E}D:\mlb2k10\mlb2k10.exe" = protocol=6 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
"TCP Query User{3EFA445E-1D3B-4A06-A84D-CC2DDCE84827}C:\games\activision\wolfenstein\mp\wolf2mp.exe" = protocol=6 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
"TCP Query User{40F24C01-D5D8-40A9-834A-E71CBB2D9BBD}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
"TCP Query User{4491A7CE-A668-4214-BB89-7630E587A2B6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{50990E6B-96DA-47B3-871B-33AB25EA2B7A}C:\games\dosbox-0.72\dosbox.exe" = protocol=6 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
"TCP Query User{5944C578-6887-4976-88D1-74D546FEFB82}C:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{75CF8A23-A118-4127-937A-EF6B08C46358}C:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe |
"TCP Query User{7705D527-659B-42A5-9427-DA1B3410BA6A}D:\hexen ii\h2.exe" = protocol=6 | dir=in | app=d:\hexen ii\h2.exe |
"TCP Query User{792B1EE1-9E36-411A-82B6-66DFF6D086C8}D:\ettest\et.exe" = protocol=6 | dir=in | app=d:\ettest\et.exe |
"TCP Query User{79F8603D-F03F-4838-96FB-168B4E979676}D:\nba2k11\nba2k11.exe" = protocol=6 | dir=in | app=d:\nba2k11\nba2k11.exe |
"TCP Query User{7E6460C1-E24A-4661-AA0B-24F0AE19565E}J:\cod6\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=j:\cod6\modern warfare 2\iw4mp.exe |
"TCP Query User{82FA3BAF-B241-4EFE-899D-678B6F95D89A}C:\games\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
"TCP Query User{85BFDA00-6DDF-4891-BA51-881FFCBEDD4A}D:\mlb2k10\mlb2k10.exe" = protocol=6 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
"TCP Query User{8A307CBB-7F54-4AD8-A0FA-0CFC19223CAE}C:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe |
"TCP Query User{8E641C46-A7C7-4119-8352-E804A32CB902}C:\games\dosbox-0.72\dosbox.exe" = protocol=6 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
"TCP Query User{96C3B9BB-D7D6-4DF1-BEEF-64FE25D1A2C0}C:\games\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\games\qtracker\qtracker.exe |
"TCP Query User{9931F14C-263F-47BD-8C62-08EF9C3A2B3E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9A732FF6-40BC-405D-86D5-EA2C86566351}C:\games\qtracker\qtracker.exe" = protocol=6 | dir=in | app=c:\games\qtracker\qtracker.exe |
"TCP Query User{9FA372C9-DAD8-4638-B3D3-34D78824F68D}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
"TCP Query User{A5EA80BB-C7AD-4648-9F6F-CBFCF06B9199}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
"TCP Query User{A5EDD018-2366-4AF1-99A2-C4B46C6CD946}D:\hexen ii\glh2.exe" = protocol=6 | dir=in | app=d:\hexen ii\glh2.exe |
"TCP Query User{A72D29C0-9DAD-4958-A0D3-0607FCADE457}D:\hexen ii\h2.exe" = protocol=6 | dir=in | app=d:\hexen ii\h2.exe |
"TCP Query User{A77E5F80-BD35-48FD-9B72-CC835E491BAC}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
"TCP Query User{AE3F1EFC-E778-4279-9A77-4AB802D02AC2}D:\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=d:\id software\quake 4\quake4.exe |
"TCP Query User{AE586299-ED41-4518-864E-53F34961DF4B}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
"TCP Query User{B26773D8-9067-454B-B9B9-913DCA79239A}C:\games\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\games\xfire\xfire.exe |
"TCP Query User{CD04A516-9A12-4DE0-B2B6-0C5F82C50250}D:\doom 3\doom3.exe" = protocol=6 | dir=in | app=d:\doom 3\doom3.exe |
"TCP Query User{CF42FFB3-510A-4EAB-95B2-6D9FEF9D5A8C}C:\games\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
"TCP Query User{CF9158E6-2364-4D79-8E2C-10249D74A255}C:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
"TCP Query User{D96AE54B-1A4D-4052-AE93-CC850A5B3AA6}C:\users\george\desktop\idshit\quake\winquake.exe" = protocol=6 | dir=in | app=c:\users\george\desktop\idshit\quake\winquake.exe |
"TCP Query User{DF48CF8E-2701-4DE2-992E-B07B7DD5F67D}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
"TCP Query User{E605BED4-1A75-4D8B-A9AA-7A348192EAAB}C:\games\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
"TCP Query User{E74E60D0-3F75-441A-931F-0F2998D63D55}D:\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=d:\id software\quake 4\quake4.exe |
"TCP Query User{F1020CD4-5EFC-4F52-A9C0-BDC6C88BEBB1}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{FCC6AB71-540F-42AE-BDA6-F9479BBCE58F}C:\games\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
"UDP Query User{07DAF760-F849-4863-8678-DB21DAE9EA0C}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
"UDP Query User{0D9B634E-4084-4E82-8CAD-5EACE2A0A7C5}D:\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=d:\id software\quake 4\quake4.exe |
"UDP Query User{1D2C8246-6BE4-4523-BB54-203DE5815079}C:\games\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
"UDP Query User{20F622D5-187D-4039-A06E-BBD6D5FD0AC8}D:\hexen ii\glh2.exe" = protocol=17 | dir=in | app=d:\hexen ii\glh2.exe |
"UDP Query User{22460C3A-BDF4-4C27-8743-6294B70EC849}C:\games\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\games\qtracker\qtracker.exe |
"UDP Query User{22881079-30E4-4E8E-96D9-AAB92E46197C}C:\games\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
"UDP Query User{26976855-4CC5-4B02-B3D5-B178249D89C9}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
"UDP Query User{2B08316F-C828-41F1-B237-A66C19055501}C:\games\activision\wolfenstein\mp\wolf2mp.exe" = protocol=17 | dir=in | app=c:\games\activision\wolfenstein\mp\wolf2mp.exe |
"UDP Query User{2B370AAA-87C3-46E0-A0AF-ECBE14AD756B}C:\games\dosbox-0.72\dosbox.exe" = protocol=17 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
"UDP Query User{2B38668D-8A62-4A07-AF32-23D45D8B91D1}C:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{2D7BDA37-0D7C-466D-B589-B3BBE734CF6C}D:\hexen ii\h2.exe" = protocol=17 | dir=in | app=d:\hexen ii\h2.exe |
"UDP Query User{2FE09D1F-FF06-4EA0-902E-91DDE950AFB0}C:\games\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\games\xfire\xfire.exe |
"UDP Query User{377BE283-43C5-49A1-B1C9-0520143D9D64}C:\games\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\games\id software\quake 4\quake4.exe |
"UDP Query User{4015FC85-F597-4433-8941-74299802E4F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{46178AE0-8CFF-4802-9418-F31B56283EEE}D:\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=d:\id software\quake 4\quake4.exe |
"UDP Query User{5835CF64-0C0A-4F27-85F5-5100396E1FDF}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
"UDP Query User{5F185BC2-1AC2-4F45-8FF4-194F79E89AC4}D:\nba2k11\nba2k11.exe" = protocol=17 | dir=in | app=d:\nba2k11\nba2k11.exe |
"UDP Query User{60A8861B-3C4A-4342-B29E-0AD74BE3707B}C:\games\qtracker\qtracker.exe" = protocol=17 | dir=in | app=c:\games\qtracker\qtracker.exe |
"UDP Query User{6F2A0FD8-832B-40FD-8F75-71C867EAF0E1}D:\ettest\et.exe" = protocol=17 | dir=in | app=d:\ettest\et.exe |
"UDP Query User{7CFB5BB4-B580-48D9-9A71-90DB812C3458}D:\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=d:\id software\enemy territory - quake wars\etqw.exe |
"UDP Query User{8226B16C-ECCD-49DE-A59B-DBF4FBDD9E86}C:\users\george\desktop\idshit\quake\winquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\winquake.exe |
"UDP Query User{90B74E90-85CA-4F39-8262-2E457128864B}D:\mlb2k10\mlb2k10.exe" = protocol=17 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
"UDP Query User{96FAE123-6341-49F5-8333-7E648F7794B4}D:\mlb2k10\mlb2k10.exe" = protocol=17 | dir=in | app=d:\mlb2k10\mlb2k10.exe |
"UDP Query User{9EC55D56-3425-4F7B-9EB4-FCF53F12CADE}C:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
"UDP Query User{A313CFB5-E253-45B5-A2B7-AEC240F53BC3}D:\hexen ii\h2.exe" = protocol=17 | dir=in | app=d:\hexen ii\h2.exe |
"UDP Query User{A36E3382-79B9-4A19-B351-B5099A8FB617}C:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\downloads\zerg_reveal_final_englishus2_xvid.avi-downloader.exe |
"UDP Query User{A5B890A7-54A9-41E5-8195-DCF1956FE1A1}J:\cod6\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=j:\cod6\modern warfare 2\iw4mp.exe |
"UDP Query User{AB79DB8D-73EC-4CB4-A105-AA9B5C241AB5}C:\users\george\desktop\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\downloads\mtgoiii_helper.exe |
"UDP Query User{AFA8B614-A4F8-4858-878A-5CC27A94A94A}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
"UDP Query User{B2F7DCB6-4E5A-45BA-AA65-F18324CCEC7E}C:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\games\nba2k10\nba2k10.exe |
"UDP Query User{B82B3A9C-C78F-43E9-A4D3-A39EB74094F4}C:\users\george\desktop\idshit\quake\glquake.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quake\glquake.exe |
"UDP Query User{BBCE773A-2A1A-4ED9-B654-F166B3DB7DDF}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{BFF60B0B-9DDB-4771-87C7-E584C9E2D601}C:\games\dosbox-0.72\dosbox.exe" = protocol=17 | dir=in | app=c:\games\dosbox-0.72\dosbox.exe |
"UDP Query User{C53DFB45-670B-43A7-BA25-AA8137FFBA4E}C:\games\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\games\wolfenstein - enemy territory\et.exe |
"UDP Query User{CCE2EC6C-FD65-4561-95A9-AC2DBC2ADC08}D:\hexen ii\glh2.exe" = protocol=17 | dir=in | app=d:\hexen ii\glh2.exe |
"UDP Query User{CD351BF9-D7C7-493A-8638-82D4846F759E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D4CCDCA0-C960-4564-B32A-5328B4054367}D:\nba2k12\nba2k12.exe" = protocol=17 | dir=in | app=d:\nba2k12\nba2k12.exe |
"UDP Query User{D8B4389E-2F96-4713-81CB-45AF186CDB9F}D:\doom 3\doom3.exe" = protocol=17 | dir=in | app=d:\doom 3\doom3.exe |
"UDP Query User{DF243BF6-7ABF-4358-A5A0-EC5482877173}C:\games\id software\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=c:\games\id software\enemy territory - quake wars\etqw.exe |
"UDP Query User{E7FD5DB0-D8DA-497C-A6D7-148A094E3BD7}C:\users\george\desktop\idshit\quakeii\quake2.exe" = protocol=17 | dir=in | app=c:\users\george\desktop\idshit\quakeii\quake2.exe |
"UDP Query User{F065198F-DECA-49E2-8E4A-33716D51994E}C:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\signofzeta\team fortress 2\hl2.exe |
 
extras

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3C61B5-3051-4DE6-8A6A-45100BCC1F41}" = Dolby Control Center
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E3A9C30-6399-4293-AEAD-3C6A4D6F927C}" = Express Gate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CDF9C3-2863-4EB3-88AB-11BBFC346CE4}" = Game Scanner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2007
"{90120000-0015-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
"{90120000-0019-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
"{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PROHYBRIDR_{82E853AD-6911-4EA9-9EB0-2F9BE7747878}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PROHYBRIDR_{4029CB10-E410-41AD-BB3F-052C95243407}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_PROHYBRIDR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE75C837-4BA9-4CF8-B912-C3ED5BD0EAAC}" = You Don't Know Jack®
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitComet" = BitComet 1.12
"Brink_is1" = Brink
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Doom 3 (TM) Demo" = Doom 3 (TM) Demo
"DOSShell" = DOSShell 1.4
"Explorer Suite_is1" = Explorer Suite III
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.11.9
"Google Desktop" = Google Desktop
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{6BB2B8AB-2590-4157-8576-C0A270994A6B}" = Wolfenstein(TM) Demo
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel(TM) - Ultimate Alliance
"InstallShield_{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Qtracker" = Qtracker
"Return to Castle Wolfenstein Multiplayer DEMO" = Return to Castle Wolfenstein Multiplayer DEMO
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skulltag" = Skulltag
"Steam App 2280" = The Ultimate DOOM
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 2370" = HeXen: Deathkings of the Dark Citadel
"Steam App 49460" = Magic: The Gathering - Duels of the Planeswalkers Demo
"Steam App 49480" = Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
"Steam App 9000" = Wolfenstein 3D: Spear of Destiny
"Steam App 9010" = Return to Castle Wolfenstein
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Warcraft II BNE" = Warcraft II BNE
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"Xfire" = Xfire (remove only)
"YDKJ LFF" = YOU DON'T KNOW JACK Louder! Faster! Funnier!
"YDKJ Offline" = YOU DON'T KNOW JACK Offline
"YDKJ The 5th Dementia" = YDKJ The 5th Dementia
"You Don't Know Jack - Sports" = You Don't Know Jack - Sports 1.0
"You Don't Know Jack - Volume 2" = You Don't Know Jack - Volume 2 1.0
"You Don't Know Jack - XL" = You Don't Know Jack - XL 1.0
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
"YOU DON'T KNOW JACK Volume 3" = YOU DON'T KNOW JACK Volume 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Smad" = SanctionedMedia
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2012 4:31:06 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/26/2012 3:20:44 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 10:31:00 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2012 5:27:04 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2012 1:33:46 PM | Computer Name = GeorgeGamingPC | Source = Application Error | ID = 1000
Description = Faulting application WolfMP.exe, version 0.0.0.0, time stamp 0x3dbd5b83,
faulting module Steam.dll_unloaded, version 0.0.0.0, time stamp 0x4edec8a1, exception
code 0xc0000005, fault offset 0x301f36f2, process id 0x1304, application start time
0x01ccdde2f4f13690.

Error - 1/29/2012 2:03:14 PM | Computer Name = GeorgeGamingPC | Source = EventSystem | ID = 4609
Description =

Error - 1/29/2012 2:03:39 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/29/2012 5:29:45 PM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/31/2012 9:47:02 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

Error - 1/31/2012 9:50:47 AM | Computer Name = GeorgeGamingPC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/23/2009 9:59:41 PM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/26/2009 8:01:03 AM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/26/2009 8:01:33 AM | Computer Name = GeorgeGamingPC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/28/2009 10:02:42 PM | Computer Name = GeorgeGamingPC | Source = HTTP | ID = 15016
Description =

Error - 7/28/2009 10:05:48 PM | Computer Name = GeorgeGamingPC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 7/29/2009 12:11:38 PM | Computer Name = GeorgeGamingPC | Source = HTTP | ID = 15016
Description =

Error - 7/29/2009 12:12:24 PM | Computer Name = GeorgeGamingPC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 7/30/2009 2:15:26 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
Description =

Error - 7/30/2009 2:46:31 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
Description =

Error - 7/30/2009 3:22:29 AM | Computer Name = GeorgeGamingPC | Source = bowser | ID = 8003
Description =


< End of report >
 
OTL Custom Scan Fixes

  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    [2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    [2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
    [2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
=======================================
Please update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader> Current is vX(10.xx)> Adobe Reader Update
Java(TM) > Current is v6u30> Java Updates.
Uninstall any earlier versions of both, as they are vulnerabilities for the system.
=========================================
Combofix is on the system
[2012/02/12
C:\Users\George\Desktop\ComboFix.exe
C:\ComboFix
C:\Users\George\Desktop\ComboFix.exe> 2/12
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Qoobox (this is for the quarantined files)
If you can't find the log:

1. Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

2. See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

3. Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
 
I am running the OTL fix now, but a pop up message says that it couldn't create a hosts file, with an OK button on it, which I clicked anyway, and now it is stuck at resetting hosts file. Is this normal, I mean, does it take this long?
 
Okay, the host file is missing and I had a command in the OTL fix to 'reset the host file'. Close the OTL Fix you have running and redo with host command removed as follows:

OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    [2008/11/11 01:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    [2012/01/31 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AskToolbar
    [2012/01/31 07:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===================================================
There is a proxy running. To disable the proxy:
Internet Explorer
1. Under "Tools" in the browser tool bar select "Internet Options".
2. In the "Internet Options" window that pops up, click the "Connections" tab at the top.
3. Click "LAN Settings" near the bottom of the "Connections" section.
4. If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
5. Click "OK" to close the "Local Area Network (LAN) Settings" window.
6. Click "OK" to close the "Internet Options" window.
7. You have completed removing the proxy settings for Internet Explorer.
Firefox
1. Under "Tools" in the browser tool bar select "Options".
2. In the "Options" window that pops up, click the "Advanced" tab at the top.
3. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area.
4. If "No proxy" isn't selected, click it to mark "No proxy" as your preference
====================================================
You have several entries for the AskBar. Users usually get it from a bundle in a program or it's pre-checked on a download screen. I've put the entries I've seen in OTL, but you will also need to uninstall it.

You can easily uninstall the Toolbar using the instructions below for Windows Vista:

1. Close all open Web browsers
2. From the "Start" menu in Windows, select "Control Panel"
3. Under the "Programs" icon, select "Uninstall a program"
4. Select the program with the Ask logo and the text "Ask Toolbar" (or our partner’s brand for a custom Toolbar)
5. Click "Uninstall" and then "Continue" to remove the Toolbar

If you reopen your Web browser and still see the Toolbar, you may need to restart your computer for the uninstall process to be completed.

Please use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the program folder and do a right click> Delete
================================
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Save log and include in next reply.
  • A reboot is required after disinfection.
========================================
Please uninstall the Combofix on the system and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Allow update if asked.
Continue on if advised of rootkit and/or asks for reboot
------
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode. If it won't run, go on to #2.

2. Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

3. See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
 
OTL

OTL logfile created on: 2/17/2012 3:04:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Desktop\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.70% Memory free
6.19 Gb Paging File | 5.06 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 10.70 Gb Free Space | 9.19% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 13.46 Gb Free Space | 12.85% Space Free | Partition Type: NTFS

Computer Name: GEORGEGAMINGPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\George\Desktop\downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\seagate\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FreeAgentGoNext Service) -- C:\seagate\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64242
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 14:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/16 20:16:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6C028C61-1644-4D51-B6C5-E47F4688180E}: C:\Users\George\AppData\Local\{6C028C61-1644-4D51-B6C5-E47F4688180E}\

[2009/06/07 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/01/31 07:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions
[2011/03/18 20:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/18 11:39:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/10 13:10:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/12/24 18:32:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/07 17:38:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\battlefieldheroespatcher@ea.com
[2012/01/31 08:12:36 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\toolbar@ask.com
[2011/12/24 18:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tkl96nqs.default\extensions\trash
[2011/11/10 13:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/25 22:52:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/30 14:51:53 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/08 01:21:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 13:51:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\seagate\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BBAC67-483F-495C-AC61-DBB492CA07A9}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30F37EC-794C-4650-A5AB-1880BB88B0BA}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\George\Pictures\black.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\Pictures\black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 20:16:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/12 19:03:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/12 16:07:36 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2012/02/12 12:00:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 12:00:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 12:00:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 11:59:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 08:04:14 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Avira
[2012/01/31 07:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/31 07:57:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/01/31 07:57:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/01/31 07:57:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/01/31 07:57:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/31 07:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/01/30 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Help
[2008/06/03 00:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2012/02/17 14:59:36 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/02/17 14:57:25 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/02/17 14:57:25 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/02/17 14:57:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 14:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 14:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 14:56:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 14:56:51 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 14:55:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/17 13:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 20:10:22 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job
[2012/02/16 20:09:08 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/02/12 16:07:42 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2012/02/12 12:59:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/11 17:36:28 | 000,000,680 | ---- | M] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2012/02/11 16:26:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 03:56:42 | 000,189,744 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/02/05 23:40:23 | 000,131,584 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 19:13:20 | 000,139,904 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/31 07:58:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/24 17:22:27 | 000,009,391 | ---- | M] () -- C:\Users\George\Documents\propassign2.ods

========== Files Created - No Company Name ==========

[2012/02/12 19:50:11 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 12:00:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 12:00:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 12:00:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 12:00:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 12:00:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 07:58:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/24 17:22:24 | 000,009,391 | ---- | C] () -- C:\Users\George\Documents\propassign2.ods
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\Users\George\AppData\Local\bsc7o1i0dbmi
[2012/01/01 23:00:30 | 000,010,432 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/04 17:44:11 | 000,000,000 | ---- | C] () -- C:\Users\George\AppData\Local\Hfefaf.bin
[2011/03/04 17:43:13 | 000,000,120 | ---- | C] () -- C:\Users\George\AppData\Local\Xkidagayus.dat
[2011/02/10 20:06:59 | 000,006,327 | ---- | C] () -- C:\Users\George\AppData\Roaming\56DE.800
[2010/11/28 22:53:40 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2010/06/24 18:59:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/26 06:12:58 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/07 17:48:25 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/11/19 04:01:46 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009/11/19 04:01:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009/11/19 04:01:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009/11/19 04:01:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009/11/19 04:01:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
[2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/13 00:04:45 | 000,000,906 | ---- | C] () -- C:\Windows\Rtcwplat.INI
[2009/09/29 06:20:03 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/09/23 23:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/16 23:44:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 23:44:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 15:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/08 20:11:33 | 000,000,310 | ---- | C] () -- C:\Windows\d3xp.ini
[2009/07/29 17:15:19 | 000,000,868 | ---- | C] () -- C:\Windows\H2_Setup.INI
[2009/06/16 23:52:49 | 000,020,759 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2009/06/16 22:19:10 | 000,131,584 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 20:33:15 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/06/07 20:33:14 | 000,138,056 | ---- | C] () -- C:\Users\George\AppData\Roaming\PnkBstrK.sys
[2009/06/07 20:32:58 | 000,189,744 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/06/07 20:32:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/06/07 18:08:12 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/07 18:06:24 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/07 18:05:22 | 000,017,637 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/06/07 18:03:32 | 000,000,802 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/07 10:17:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/04/07 10:11:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/07 10:11:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/07 09:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/10 20:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/07/01 20:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 21:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/14 08:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/13 21:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,428,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,691,576 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,138,494 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 19:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/05/20 00:46:23 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\.doomseeker
[2011/12/28 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\2K Sports
[2009/08/23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Activision
[2012/01/24 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Appe
[2009/07/18 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canneverbe_Limited
[2009/07/18 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\DAEMON Tools Lite
[2011/03/04 23:58:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\E35248A7D24B3A6B5942EEB1DF816866
[2009/09/06 07:22:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GameScannerData
[2012/01/24 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Kalaaf
[2010/03/16 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
[2009/09/22 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\OpenOffice.org
[2009/06/12 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\TextPad
[2011/04/13 01:43:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\USBSafelyRemove
[2009/12/15 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\VistaCodecs
[2011/02/26 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Wizards of the Coast
[2011/05/30 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\YOUDONTKNOWJACK
[2012/02/17 14:55:36 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/16 20:10:22 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25D39F52-AFBC-4213-A160-F2C344AEDA86}.job

========== Purity Check ==========



< End of report >
 
I couldn't find any program that is related to the Ask thing. It isn't even listed in Add/Remove Programs; in my case, it is called "Programs and Features".

I haven't gone to the TDSSKiller step yet.

So should I skip the "remove Ask" thing and go straight to TDSSKiller?
 
Ok, I managed to get rid of the askbar. Now, every time I run TDSSKiller and do a scan, it detects something, and I tell it to "copy to quarantine", which is one of the 3 options, the others being skip and delete. When I do that, the program goes back to the initial "start scan" screen, and it doesn't give me a log.

Ok, never mind, what I did is I clicked on the "report" button, and it gave me this.

TDSSKiller report

01:26:57.0395 1904 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
01:26:57.0786 1904 ============================================================
01:26:57.0786 1904 Current date / time: 2012/02/18 01:26:57.0786
01:26:57.0786 1904 SystemInfo:
01:26:57.0786 1904
01:26:57.0786 1904 OS Version: 6.0.6002 ServicePack: 2.0
01:26:57.0786 1904 Product type: Workstation
01:26:57.0786 1904 ComputerName: GEORGEGAMINGPC
01:26:57.0786 1904 UserName: George
01:26:57.0786 1904 Windows directory: C:\Windows
01:26:57.0786 1904 System windows directory: C:\Windows
01:26:57.0786 1904 Processor architecture: Intel x86
01:26:57.0787 1904 Number of processors: 2
01:26:57.0787 1904 Page size: 0x1000
01:26:57.0787 1904 Boot type: Normal boot
01:26:57.0787 1904 ============================================================
01:26:59.0759 1904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:26:59.0761 1904 \Device\Harddisk0\DR0:
01:26:59.0762 1904 MBR used
01:26:59.0762 1904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360
01:26:59.0791 1904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
01:26:59.0927 1904 Initialize success
01:26:59.0927 1904 ============================================================
01:27:10.0008 4048 ============================================================
01:27:10.0008 4048 Scan started
01:27:10.0008 4048 Mode: Manual;
01:27:10.0008 4048 ============================================================
01:27:11.0048 4048 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:27:11.0051 4048 ACPI - ok
01:27:11.0135 4048 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
01:27:11.0139 4048 adp94xx - ok
01:27:11.0208 4048 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
01:27:11.0212 4048 adpahci - ok
01:27:11.0239 4048 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
01:27:11.0241 4048 adpu160m - ok
01:27:11.0278 4048 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
01:27:11.0281 4048 adpu320 - ok
01:27:11.0448 4048 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:27:11.0451 4048 AFD - ok
01:27:11.0527 4048 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
01:27:11.0529 4048 agp440 - ok
01:27:11.0601 4048 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:27:11.0604 4048 aic78xx - ok
01:27:11.0654 4048 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
01:27:11.0655 4048 aliide - ok
01:27:11.0677 4048 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
01:27:11.0679 4048 amdagp - ok
01:27:11.0703 4048 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
01:27:11.0705 4048 amdide - ok
01:27:11.0759 4048 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
01:27:11.0761 4048 AmdK7 - ok
01:27:11.0791 4048 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
01:27:11.0794 4048 AmdK8 - ok
01:27:11.0911 4048 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
01:27:11.0913 4048 arc - ok
01:27:11.0994 4048 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
01:27:11.0996 4048 arcsas - ok
01:27:12.0124 4048 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
01:27:12.0126 4048 AsDsm - ok
01:27:12.0244 4048 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
01:27:12.0244 4048 ASMMAP - ok
01:27:12.0409 4048 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:27:12.0410 4048 AsyncMac - ok
01:27:12.0458 4048 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:27:12.0459 4048 atapi - ok
01:27:12.0572 4048 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
01:27:12.0579 4048 athr - ok
01:27:12.0677 4048 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
01:27:12.0680 4048 avgntflt - ok
01:27:12.0777 4048 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
01:27:12.0780 4048 avipbb - ok
01:27:12.0816 4048 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
01:27:12.0818 4048 avkmgr - ok
01:27:12.0905 4048 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:27:12.0907 4048 Beep - ok
01:27:12.0970 4048 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
01:27:12.0971 4048 blbdrive - ok
01:27:13.0042 4048 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:27:13.0044 4048 bowser - ok
01:27:13.0076 4048 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:27:13.0079 4048 BrFiltLo - ok
01:27:13.0110 4048 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:27:13.0112 4048 BrFiltUp - ok
01:27:13.0171 4048 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:27:13.0175 4048 Brserid - ok
01:27:13.0223 4048 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:27:13.0227 4048 BrSerWdm - ok
01:27:13.0249 4048 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:27:13.0252 4048 BrUsbMdm - ok
01:27:13.0287 4048 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:27:13.0290 4048 BrUsbSer - ok
01:27:13.0341 4048 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
01:27:13.0344 4048 BthEnum - ok
01:27:13.0404 4048 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:27:13.0407 4048 BTHMODEM - ok
01:27:13.0474 4048 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
01:27:13.0477 4048 BthPan - ok
01:27:13.0518 4048 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
01:27:13.0522 4048 BTHPORT - ok
01:27:13.0549 4048 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
01:27:13.0552 4048 BTHUSB - ok
01:27:13.0634 4048 catchme - ok
01:27:13.0738 4048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:27:13.0741 4048 cdfs - ok
01:27:13.0828 4048 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:27:13.0831 4048 cdrom - ok
01:27:13.0872 4048 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
01:27:13.0874 4048 circlass - ok
01:27:13.0931 4048 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:27:13.0940 4048 CLFS - ok
01:27:14.0108 4048 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
01:27:14.0111 4048 CmBatt - ok
01:27:14.0149 4048 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
01:27:14.0152 4048 cmdide - ok
01:27:14.0190 4048 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
01:27:14.0193 4048 Compbatt - ok
01:27:14.0213 4048 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
01:27:14.0216 4048 crcdisk - ok
01:27:14.0238 4048 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
01:27:14.0241 4048 Crusoe - ok
01:27:14.0408 4048 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
01:27:14.0411 4048 DfsC - ok
01:27:14.0507 4048 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
01:27:14.0509 4048 DgiVecp - ok
01:27:14.0606 4048 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:27:14.0609 4048 disk - ok
01:27:14.0762 4048 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:27:14.0765 4048 drmkaud - ok
01:27:14.0824 4048 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:27:14.0831 4048 DXGKrnl - ok
01:27:14.0894 4048 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:27:14.0897 4048 E1G60 - ok
01:27:14.0985 4048 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:27:14.0988 4048 Ecache - ok
01:27:15.0212 4048 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
01:27:15.0217 4048 elxstor - ok
01:27:15.0245 4048 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
01:27:15.0249 4048 ErrDev - ok
01:27:15.0371 4048 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:27:15.0375 4048 exfat - ok
01:27:15.0413 4048 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:27:15.0417 4048 fastfat - ok
01:27:15.0520 4048 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
01:27:15.0524 4048 fdc - ok
01:27:15.0591 4048 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:27:15.0595 4048 FileInfo - ok
01:27:15.0633 4048 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:27:15.0636 4048 Filetrace - ok
01:27:15.0662 4048 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:27:15.0665 4048 flpydisk - ok
01:27:15.0756 4048 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:27:15.0761 4048 FltMgr - ok
01:27:15.0928 4048 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
01:27:15.0931 4048 fssfltr - ok
01:27:16.0053 4048 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
01:27:16.0056 4048 Fs_Rec - ok
01:27:16.0085 4048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
01:27:16.0088 4048 gagp30kx - ok
01:27:16.0288 4048 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
01:27:16.0291 4048 hamachi - ok
01:27:16.0366 4048 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
01:27:16.0370 4048 HdAudAddService - ok
01:27:16.0426 4048 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:27:16.0433 4048 HDAudBus - ok
01:27:16.0466 4048 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:27:16.0469 4048 HidBth - ok
01:27:16.0498 4048 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:27:16.0502 4048 HidIr - ok
01:27:16.0557 4048 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:27:16.0560 4048 HidUsb - ok
01:27:16.0603 4048 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
01:27:16.0607 4048 HpCISSs - ok
01:27:16.0674 4048 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:27:16.0681 4048 HTTP - ok
01:27:16.0735 4048 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
01:27:16.0739 4048 i2omp - ok
01:27:16.0824 4048 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:27:16.0827 4048 i8042prt - ok
01:27:16.0872 4048 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
01:27:16.0877 4048 iaStorV - ok
01:27:16.0945 4048 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:27:16.0950 4048 iirsp - ok
01:27:17.0163 4048 IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
01:27:17.0184 4048 IntcAzAudAddService - ok
01:27:17.0270 4048 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
01:27:17.0275 4048 intelide - ok
01:27:17.0331 4048 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:27:17.0334 4048 intelppm - ok
01:27:17.0372 4048 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:27:17.0376 4048 IpFilterDriver - ok
01:27:17.0396 4048 IpInIp - ok
01:27:17.0435 4048 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
01:27:17.0439 4048 IPMIDRV - ok
01:27:17.0472 4048 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:27:17.0476 4048 IPNAT - ok
01:27:17.0499 4048 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:27:17.0502 4048 IRENUM - ok
01:27:17.0522 4048 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
01:27:17.0527 4048 isapnp - ok
01:27:17.0582 4048 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:27:17.0587 4048 iScsiPrt - ok
01:27:17.0622 4048 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:27:17.0626 4048 iteatapi - ok
01:27:17.0650 4048 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:27:17.0653 4048 iteraid - ok
01:27:17.0698 4048 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:27:17.0703 4048 kbdclass - ok
01:27:17.0725 4048 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
01:27:17.0729 4048 kbdhid - ok
01:27:17.0793 4048 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
01:27:17.0799 4048 kbfiltr - ok
01:27:17.0853 4048 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
01:27:17.0861 4048 KSecDD - ok
01:27:17.0927 4048 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:27:17.0932 4048 lltdio - ok
01:27:17.0973 4048 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
01:27:17.0977 4048 LSI_FC - ok
01:27:18.0001 4048 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
01:27:18.0005 4048 LSI_SAS - ok
01:27:18.0033 4048 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
01:27:18.0038 4048 LSI_SCSI - ok
01:27:18.0060 4048 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:27:18.0064 4048 luafv - ok
01:27:18.0113 4048 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
01:27:18.0117 4048 lullaby - ok
01:27:18.0144 4048 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
01:27:18.0147 4048 megasas - ok
01:27:18.0221 4048 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
01:27:18.0228 4048 MegaSR - ok
01:27:18.0263 4048 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:27:18.0266 4048 Modem - ok
01:27:18.0313 4048 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:27:18.0317 4048 monitor - ok
01:27:18.0338 4048 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:27:18.0342 4048 mouclass - ok
01:27:18.0404 4048 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:27:18.0408 4048 mouhid - ok
01:27:18.0457 4048 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:27:18.0461 4048 MountMgr - ok
01:27:18.0533 4048 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
01:27:18.0538 4048 mpio - ok
01:27:18.0574 4048 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:27:18.0579 4048 mpsdrv - ok
01:27:18.0604 4048 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:27:18.0609 4048 Mraid35x - ok
01:27:18.0651 4048 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:27:18.0656 4048 MRxDAV - ok
01:27:18.0695 4048 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:27:18.0700 4048 mrxsmb - ok
01:27:18.0735 4048 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:27:18.0741 4048 mrxsmb10 - ok
01:27:18.0781 4048 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:27:18.0786 4048 mrxsmb20 - ok
01:27:18.0885 4048 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
01:27:18.0889 4048 msahci - ok
01:27:18.0919 4048 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
01:27:18.0925 4048 msdsm - ok
01:27:19.0002 4048 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:27:19.0006 4048 Msfs - ok
01:27:19.0094 4048 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:27:19.0099 4048 msisadrv - ok
01:27:19.0183 4048 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:27:19.0188 4048 MSKSSRV - ok
01:27:19.0244 4048 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:27:19.0249 4048 MSPCLOCK - ok
01:27:19.0270 4048 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:27:19.0275 4048 MSPQM - ok
01:27:19.0322 4048 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:27:19.0328 4048 MsRPC - ok
01:27:19.0364 4048 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:27:19.0370 4048 mssmbios - ok
01:27:19.0409 4048 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:27:19.0414 4048 MSTEE - ok
01:27:19.0459 4048 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
01:27:19.0461 4048 MTsensor - ok
01:27:19.0499 4048 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:27:19.0505 4048 Mup - ok
01:27:19.0602 4048 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:27:19.0610 4048 NativeWifiP - ok
01:27:19.0671 4048 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:27:19.0681 4048 NDIS - ok
01:27:19.0749 4048 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:27:19.0756 4048 NdisTapi - ok
01:27:19.0779 4048 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:27:19.0786 4048 Ndisuio - ok
01:27:19.0821 4048 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:27:19.0828 4048 NdisWan - ok
01:27:19.0849 4048 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:27:19.0854 4048 NDProxy - ok
01:27:19.0924 4048 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:27:19.0928 4048 NetBIOS - ok
01:27:19.0959 4048 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
01:27:19.0966 4048 netbt - ok
01:27:20.0058 4048 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:27:20.0063 4048 nfrd960 - ok
01:27:20.0147 4048 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:27:20.0151 4048 Npfs - ok
01:27:20.0176 4048 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:27:20.0182 4048 nsiproxy - ok
01:27:20.0242 4048 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:27:20.0255 4048 Ntfs - ok
01:27:20.0287 4048 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:27:20.0292 4048 ntrigdigi - ok
01:27:20.0333 4048 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:27:20.0338 4048 Null - ok
01:27:20.0600 4048 nvlddmkm (5ce5b23855262acabaecce156f48dd88) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:27:20.0680 4048 nvlddmkm - ok
01:27:20.0731 4048 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
01:27:20.0738 4048 nvraid - ok
01:27:20.0759 4048 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
01:27:20.0764 4048 nvstor - ok
01:27:20.0865 4048 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
01:27:20.0871 4048 nv_agp - ok
01:27:20.0888 4048 NwlnkFlt - ok
01:27:20.0906 4048 NwlnkFwd - ok
01:27:20.0978 4048 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
01:27:20.0985 4048 ohci1394 - ok
01:27:21.0063 4048 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:27:21.0070 4048 Parport - ok
01:27:21.0118 4048 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:27:21.0125 4048 partmgr - ok
01:27:21.0160 4048 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:27:21.0166 4048 Parvdm - ok
01:27:21.0221 4048 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:27:21.0229 4048 pci - ok
01:27:21.0285 4048 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
01:27:21.0294 4048 pciide - ok
01:27:21.0335 4048 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:27:21.0343 4048 pcmcia - ok
01:27:21.0441 4048 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:27:21.0455 4048 PEAUTH - ok
01:27:21.0601 4048 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:27:21.0607 4048 PptpMiniport - ok
01:27:21.0647 4048 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
01:27:21.0652 4048 Processor - ok
01:27:21.0711 4048 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:27:21.0716 4048 PSched - ok
01:27:21.0741 4048 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
01:27:21.0746 4048 PxHelp20 - ok
01:27:21.0837 4048 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
01:27:21.0849 4048 ql2300 - ok
01:27:21.0885 4048 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:27:21.0892 4048 ql40xx - ok
01:27:21.0927 4048 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:27:21.0932 4048 QWAVEdrv - ok
01:27:21.0958 4048 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:27:21.0963 4048 RasAcd - ok
01:27:21.0997 4048 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:27:22.0003 4048 Rasl2tp - ok
01:27:22.0061 4048 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:27:22.0066 4048 RasPppoe - ok
01:27:22.0102 4048 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:27:22.0108 4048 RasSstp - ok
01:27:22.0146 4048 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:27:22.0153 4048 rdbss - ok
01:27:22.0188 4048 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:27:22.0195 4048 RDPCDD - ok
01:27:22.0229 4048 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
01:27:22.0236 4048 rdpdr - ok
01:27:22.0252 4048 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:27:22.0260 4048 RDPENCDD - ok
01:27:22.0304 4048 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
01:27:22.0312 4048 RDPWD - ok
01:27:22.0427 4048 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
01:27:22.0433 4048 RFCOMM - ok
01:27:22.0484 4048 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:27:22.0491 4048 rspndr - ok
01:27:22.0539 4048 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:27:22.0545 4048 sbp2port - ok
01:27:22.0650 4048 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
01:27:22.0657 4048 sdbus - ok
01:27:22.0708 4048 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:27:22.0714 4048 secdrv - ok
01:27:22.0763 4048 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:27:22.0768 4048 Serenum - ok
01:27:22.0816 4048 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:27:22.0823 4048 Serial - ok
01:27:22.0859 4048 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:27:22.0865 4048 sermouse - ok
01:27:22.0902 4048 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
01:27:22.0909 4048 sffdisk - ok
01:27:22.0934 4048 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
01:27:22.0940 4048 sffp_mmc - ok
01:27:22.0968 4048 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
01:27:22.0975 4048 sffp_sd - ok
01:27:23.0032 4048 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
01:27:23.0037 4048 sfloppy - ok
01:27:23.0077 4048 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
01:27:23.0083 4048 sisagp - ok
01:27:23.0124 4048 SiSGbeLH (42c5de6854f32e6fd399ac8f69fd5fa8) C:\Windows\system32\DRIVERS\SiSGB6.sys
01:27:23.0130 4048 SiSGbeLH - ok
01:27:23.0162 4048 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
01:27:23.0168 4048 SiSRaid2 - ok
01:27:23.0201 4048 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
01:27:23.0207 4048 SiSRaid4 - ok
01:27:23.0258 4048 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:27:23.0265 4048 Smb - ok
01:27:23.0358 4048 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
01:27:23.0371 4048 smserial - ok
01:27:23.0512 4048 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
01:27:23.0530 4048 SNP2UVC - ok
01:27:23.0566 4048 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:27:23.0573 4048 spldr - ok
01:27:23.0647 4048 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
01:27:23.0647 4048 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
01:27:23.0655 4048 sptd ( LockedFile.Multi.Generic ) - warning
01:27:23.0655 4048 sptd - detected LockedFile.Multi.Generic (1)
01:27:27.0841 4048 ============================================================
01:27:27.0841 4048 Scan finished
01:27:27.0841 4048 ============================================================
01:27:27.0856 3032 Detected object count: 1
01:27:27.0856 3032 Actual detected object count: 1
01:27:45.0551 3032 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
01:27:45.0553 3032 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
 
During the Combofix, it said something about a ZeroAccess rootkit, then the computer had to reboot. After rebooting, it never gave me a log, so basically it did exactly the same thing as before. So no combofix log. It isn't in C:\ either.

So what should I do next?
 
Let's see if this will help things run better:

The malware also changes your Windows HOSTS file. We will need to replace it with the default version for your operating system. (Note: if you or your company has added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file.)

The malware, in order to protect itself, may change the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the following batch file and save it to your desktop:

Step 1: Restoring Permissions
  • Please download Hostsperm.bat and save it to your desktop.
  • Double-click on the hostsperm.bat file that is now on your desktop. If Windows asks if you are sure you want to run it, please allow it to run.
  • Once it starts you will see a small black window that opens, then goes away. This is normal.
You should now be able to access your HOSTS file.

Step 2: Show Hidden Files and Folders in Windows Vista:
  • Click on the Start button and select Computer
  • Select Folder Options> View tab
  • Check Show hidden files and folders
  • Uncheck Hide protected operating system files (Recommended) > Confirm Yes
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK


Step 3: Delete the hosts file
  • Using Windows Explorer> navigate to Computer> Local Drive> Windows> System32> Drivers
  • Navigate to C:\Windows\System32\drivers\etc and do a right click> Delete and delete the hosts file.
  • Once it is deleted, go to next Step.

Step 4: Replacing the Hosts file for your operating system:
  • Download the following HOSTS file that corresponds to Vista HERE
  • Save it in the C:\Windows\System32\Drivers\etc folder.


Note: If the contents of the HOSTS file open in your browser when you click on a link, then right-click on the link and select Save Target As if in Internet Explorer, or Save Link As if in Firefox, to download the file.

Now reboot your computer.
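
Added example (not part of the original post): before the HOSTS file is deleted in Step 3, this Python script lists every mapping that is not a stock entry, so custom entries can be re-added afterwards as the note above says and unexpected ones are visible. The default entry set, the category labels and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed stock mappings of a default Vista HOSTS file; anything else is custom or altered.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample contents (not taken from the machine in this thread).
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example.test   # custom entry
127.0.0.1       update.av-vendor.example
203.0.113.7     www.bank.example www2.bank.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments and blank lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:          # one line may map several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, ip, hostname, kind) for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, name, "malformed"))
            continue
        # Loopback/0.0.0.0 makes the name unreachable; any other address redirects it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((line_no, ip, name, kind))
    return findings

if __name__ == "__main__":
    # On a live system, read C:\Windows\System32\drivers\etc\hosts instead of SAMPLE.
    for line_no, ip, name, kind in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip} [{kind}]")
```

A "blocked" or "redirected" label only means the entry is not stock; whether it is a legitimate custom entry or a change made by malware still has to be judged by whoever owns the machine.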
 
Do a right click on this file> Properties> Uncheck the Read Only attribute:

R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe

Now try to run the scan and recover the log
======================================
This is the file that runs the Security Center; it's missing. We'll see if there is a copy on the system to replace it:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    winrnr.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
I'm not at the SystemLook part yet, but I ran ComboFix again, and it still said that it detected a ZeroAccess rootkit, and because it detected a rootkit, the scan may take a while longer. Then it told me to reboot, and when I did, and Windows started up again, I didn't get the ComboFix log, and it isn't in C:/ either. So basically the same thing happened... again.
 