
Solved Windows 7 Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by yugao, 2011/05/22.

  1. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    [Resolved] Windows 7 Google Redirect

    Hi,

    I am running Windows 7 Ultimate. A few days ago, I caught the fake Windows Recovery virus, which hides all my files and tells me that my HDD is corrupt. The idea is to trick me into buying their fake antivirus. I used Malwarebytes and removed that virus. Now the problem I have is the Google redirect virus, where it redirects me to an ad every time I click on a Google search result.

    I scanned my computer using:
    ~ESET, which didn't find anything.
    ~Microsoft Safety Scanner - found some stuff, but not the redirect virus
    ~Webroot AntiVirus with Spy Sweeper - found some trojans and a lot of bad cookies
    ~Spybot Search & Destroy - also found some stuff, but not the redirect virus
    ~ComboFix - I will post the log below.
    ~I will also post the HijackThis log below.

    After reading the Announcement section of the forum, I will also post the recent Malwarebytes log as well as the GMER, MBRCheck, and DDS logs.


    If anyone can help me solve this issue, it would be greatly appreciated!

    Thanks,
    Eddie

    Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6645

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    5/22/2011 5:57:25 PM
    mbam-log-2011-05-22 (17-57-25).txt

    Scan type: Quick scan
    Objects scanned: 177971
    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log:

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-22 18:27:53
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST31500341AS rev.CC1H
    Running: 8wd4j15w.exe; Driver: C:\Users\Eddie\AppData\Local\Temp\ugloapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 868A85E0 ZwAllocateVirtualMemory
    SSDT 868C17B0 ZwCreateProcess
    SSDT 868C1578 ZwCreateProcessEx
    SSDT 868A88B0 ZwCreateThread
    SSDT 868A8400 ZwCreateThreadEx
    SSDT 868A8478 ZwCreateUserProcess
    SSDT 868A8658 ZwQueueApcThread
    SSDT 868A84F0 ZwReadVirtualMemory
    SSDT 868A8748 ZwSetContextThread
    SSDT 89081FA8 ZwSetDefaultHardErrorPort
    SSDT 868A89A0 ZwSetInformationProcess
    SSDT 868A87C0 ZwSetInformationThread
    SSDT 868A8928 ZwSuspendProcess
    SSDT 868A86D0 ZwSuspendThread
    SSDT 868C1500 ZwTerminateProcess
    SSDT 868A8838 ZwTerminateThread
    SSDT 868A8568 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKey + 13CD 8307BA09 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8309B512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntoskrnl.exe!KeRemoveQueueEx + 13BB 830A2788 4 Bytes [E0, 85, 8A, 86]
    .text ntoskrnl.exe!KeRemoveQueueEx + 14AB 830A2878 8 Bytes [B0, 17, 8C, 86, 78, 15, 8C, ...] {MOV AL, 0x17; MOV WORD [ESI-0x7973ea88], ES}
    .text ntoskrnl.exe!KeRemoveQueueEx + 14CB 830A2898 8 Bytes [B0, 88, 8A, 86, 00, 84, 8A, ...] {MOV AL, 0x88; MOV AL, [ESI-0x79757c00]}
    .text ntoskrnl.exe!KeRemoveQueueEx + 14E3 830A28B0 4 Bytes [78, 84, 8A, 86]
    .text ntoskrnl.exe!KeRemoveQueueEx + 17A3 830A2B70 4 Bytes [58, 86, 8A, 86]
    .text ...
    ? System32\Drivers\spgf.sys The system cannot find the path specified. !
    PAGE ataport.SYS!DllUnload + 1 8C634AD7 4 Bytes JMP 85BA51D9
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9402F000, 0x388539, 0xE8000020]
    .text USBPORT.SYS!DllUnload 92BA8DB9 5 Bytes JMP 876A01D8
    .text atxmrqx9.SYS 94831000 12 Bytes [44, 48, 01, 83, EE, 46, 01, ...]
    .text atxmrqx9.SYS 9483100D 9 Bytes [27, 01, 83, 48, 4B, 01, 83, ...] {DAA ; ADD [EBX-0x7cfeb4b8], EAX; ADD [EAX], AL}
    .text atxmrqx9.SYS 94831017 170 Bytes [00, DE, A7, B0, 83, E6, A5, ...]
    .text atxmrqx9.SYS 948310C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text atxmrqx9.SYS 948310CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    ? C:\Users\Eddie\AppData\Local\Temp\ALSysIO.sys The system cannot find the file specified. !
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[252] kernel32.dll!SetUnhandledExceptionFilter 77033D01 4 Bytes [C2, 04, 00, 00]
    .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 779F5F18 5 Bytes JMP 001C000A
    .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 779F6A98 5 Bytes JMP 001E000A
    .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 779F7008 5 Bytes JMP 0017000A
    .text C:\Windows\system32\svchost.exe[1116] ole32.dll!CoCreateInstance 77809D0B 5 Bytes JMP 0022000A
    .text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetCursorPos 75E0A4B3 5 Bytes JMP 0018000A
    .text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetForegroundWindow 75E1335D 5 Bytes JMP 001B000A
    .text C:\Windows\system32\svchost.exe[1116] USER32.dll!WindowFromPoint 75E36BE9 5 Bytes JMP 0019000A
    .text C:\Windows\Explorer.exe[1444] ntdll.dll!NtProtectVirtualMemory 779F5F18 5 Bytes JMP 00D8000A
    .text C:\Windows\Explorer.exe[1444] ntdll.dll!NtWriteVirtualMemory 779F6A98 5 Bytes JMP 00D9000A
    .text C:\Windows\Explorer.exe[1444] ntdll.dll!KiUserExceptionDispatcher 779F7008 5 Bytes JMP 00D7000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1588] ntdll.dll!NtProtectVirtualMemory 779F5F18 5 Bytes JMP 0032000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1588] ntdll.dll!NtWriteVirtualMemory 779F6A98 5 Bytes JMP 0033000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1588] ntdll.dll!KiUserExceptionDispatcher 779F7008 5 Bytes JMP 0031000A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [83A38DDC] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [83A38E30] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83A0E042] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83A0E6D6] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83A0E800] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [83A0E13E] \SystemRoot\System32\Drivers\spgf.sys
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
    IAT \SystemRoot\System32\Drivers\atxmrqx9.SYS[NTOSKRNL.exe!KeTickCount] 78801875

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 868661F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\volmgr \Device\VolMgrControl 85BA71F8
    Device \Driver\usbuhci \Device\USBPDO-0 876C71F8
    Device \Driver\usbuhci \Device\USBPDO-1 876C71F8
    Device \Driver\usbuhci \Device\USBPDO-2 876C71F8
    Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBPDO-3 876C71F8
    Device \Driver\usbehci \Device\USBPDO-4 876CB500
    Device \Driver\volmgr \Device\HarddiskVolume1 85BA71F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 877641F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85BA91F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85BA91F8
    Device \Driver\atapi \Device\Ide\IdePort0 85BA91F8
    Device \Driver\atapi \Device\Ide\IdePort1 85BA91F8
    Device \Driver\atapi \Device\Ide\IdePort2 85BA91F8
    Device \Driver\atapi \Device\Ide\IdePort3 85BA91F8
    Device \Driver\cdrom \Device\CdRom1 877641F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 87760500
    Device \Driver\sptd \Device\1119605858 spgf.sys
    Device \Driver\PCI_PNP7108 \Device\0000005b spgf.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F2A3E2AD-C879-46B9-95E2-E0F2B12409D9} 87760500
    Device \Driver\usbuhci \Device\USBFDO-0 876C71F8
    Device \Driver\usbuhci \Device\USBFDO-1 876C71F8
    Device \Driver\usbuhci \Device\USBFDO-2 876C71F8
    Device \Driver\usbuhci \Device\USBFDO-3 876C71F8
    Device \Driver\usbehci \Device\USBFDO-4 876CB500
    Device \Driver\atxmrqx9 \Device\Scsi\atxmrqx91 876A81F8
    Device \Driver\atxmrqx9 \Device\Scsi\atxmrqx91Port4Path0Target0Lun0 876A81F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x3E 0x72 0x97 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9F 0x4D 0x8B 0xA8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0xD5 0x9E 0xEE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x3E 0x72 0x97 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9F 0x4D 0x8B 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0xD5 0x9E 0xEE ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x16 0x94 0xD9 0x14 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----

    MBRCheck Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: Service Pack 1 (build 7601), 32-bit
    Base Board Manufacturer: ASRock
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: To Be Filled By O.E.M.
    System Product Name: To Be Filled By O.E.M.
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 174):
    0x83046000 \SystemRoot\system32\ntoskrnl.exe
    0x8300F000 \SystemRoot\system32\halmacpi.dll
    0x87765000 \SystemRoot\system32\kdcom.dll
    0x83802000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83887000 \SystemRoot\system32\PSHED.dll
    0x83898000 \SystemRoot\system32\BOOTVID.dll
    0x838A0000 \SystemRoot\system32\CLFS.SYS
    0x838E2000 \SystemRoot\system32\CI.dll
    0x8398D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x839FE000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83A0C000 \SystemRoot\System32\Drivers\spgf.sys
    0x83AFF000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x83B08000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x83B2E000 \SystemRoot\system32\drivers\ACPI.sys
    0x83B76000 \SystemRoot\system32\drivers\msisadrv.sys
    0x83B7E000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x83B89000 \SystemRoot\system32\drivers\pci.sys
    0x83BB3000 \SystemRoot\System32\drivers\partmgr.sys
    0x83BC4000 \SystemRoot\system32\DRIVERS\sshrmd.sys
    0x83BCE000 \SystemRoot\system32\DRIVERS\ssidrv.sys
    0x8C428000 \SystemRoot\system32\DRIVERS\msrpc.sys
    0x8C453000 \SystemRoot\system32\DRIVERS\NETIO.SYS
    0x8C491000 \SystemRoot\system32\DRIVERS\NDIS.SYS
    0x8C548000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C554000 \SystemRoot\system32\drivers\volmgr.sys
    0x8C564000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8C5AF000 \SystemRoot\system32\drivers\intelide.sys
    0x8C5B6000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8C5C4000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8C5DA000 \SystemRoot\system32\drivers\vmbus.sys
    0x8C604000 \SystemRoot\system32\drivers\winhv.sys
    0x8C616000 \SystemRoot\system32\drivers\atapi.sys
    0x8C61F000 \SystemRoot\system32\drivers\ataport.SYS
    0x8C642000 \SystemRoot\system32\drivers\amdxata.sys
    0x8C64B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8C67F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8C690000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8C69A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8C7C9000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8C825000 \SystemRoot\System32\Drivers\cng.sys
    0x8C882000 \SystemRoot\System32\drivers\pcw.sys
    0x8C890000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8C899000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C8BE000 \SystemRoot\System32\drivers\tcpip.sys
    0x8CA08000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8CA39000 \SystemRoot\system32\drivers\vmstorfl.sys
    0x8CA42000 \SystemRoot\system32\drivers\volsnap.sys
    0x8CA81000 \SystemRoot\System32\Drivers\spldr.sys
    0x8CA89000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8CAB6000 \SystemRoot\System32\Drivers\mup.sys
    0x8CAC6000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8CACE000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8CB00000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8CB11000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8CB68000 \SystemRoot\system32\drivers\cdrom.sys
    0x8CB87000 \SystemRoot\System32\Drivers\Null.SYS
    0x8CB8E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CB95000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x8CBB2000 \SystemRoot\System32\drivers\vga.sys
    0x8CBBE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CBDF000 \SystemRoot\System32\drivers\watchdog.sys
    0x8CBEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CBF4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C800000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8C808000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C813000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C7DC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9282E000 \SystemRoot\system32\drivers\afd.sys
    0x92888000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x928BA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x928D9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x928E0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x928EE000 \SystemRoot\system32\DRIVERS\serial.sys
    0x92908000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9291B000 \SystemRoot\system32\drivers\termdd.sys
    0x9292C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9296D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92977000 \SystemRoot\system32\drivers\mssmbios.sys
    0x92981000 \SystemRoot\System32\drivers\discache.sys
    0x9298D000 \SystemRoot\system32\drivers\csc.sys
    0x929F1000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92A09000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x92A17000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x92A38000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x92A4A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x9402E000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x92A89000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x92B40000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x947DA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x94000000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x92B79000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x92B84000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x92BCF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x92BDE000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x92800000 \SystemRoot\system32\DRIVERS\parport.sys
    0x92818000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x94025000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x94830000 \SystemRoot\System32\Drivers\atxmrqx9.SYS
    0x94869000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x94876000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x94888000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x948A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x948AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x948CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x948E5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x948FC000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x94913000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x9491D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9492A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x94937000 \SystemRoot\system32\drivers\swenum.sys
    0x94939000 \SystemRoot\system32\drivers\ks.sys
    0x9496D000 \SystemRoot\system32\drivers\umbus.sys
    0x9497B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x949BF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x949C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x949DA000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x949F8000 \SystemRoot\system32\drivers\portcls.sys
    0x94A27000 \SystemRoot\system32\drivers\drmk.sys
    0x95416000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x95717000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x95724000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9572F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95738000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x95749000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x95760000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x96021000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0x96442000 \SystemRoot\system32\drivers\usbaudio.sys
    0x96456000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0x97130000 \SystemRoot\System32\win32k.sys
    0x9649C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x964A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x964B1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x964C4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x964CB000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
    0x964D4000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x964DC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x964E7000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x964EF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x964FB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97390000 \SystemRoot\System32\TSDDD.dll
    0x973C0000 \SystemRoot\System32\cdd.dll
    0x97000000 \SystemRoot\System32\ATMFD.DLL
    0x96506000 \SystemRoot\system32\drivers\luafv.sys
    0x96521000 \SystemRoot\system32\DRIVERS\eamon.sys
    0x965DD000 \SystemRoot\system32\DRIVERS\ssfmonm.sys
    0x965EB000 \SystemRoot\system32\drivers\WudfPf.sys
    0x96605000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x96615000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9665B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9666B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9667E000 \SystemRoot\system32\drivers\HTTP.sys
    0x96703000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9671C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9672E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x96751000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9678C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x967A7000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x967AE000 \SystemRoot\System32\Drivers\adfs.SYS
    0x967BF000 \??\C:\Windows\system32\drivers\cpuz135_x32.sys
    0x967C8000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
    0x95762000 \SystemRoot\system32\drivers\peauth.sys
    0x967E1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x96000000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x967EB000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x94A40000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x94A90000 \SystemRoot\System32\DRIVERS\srv.sys
    0x967F8000 \??\C:\Program Files\MSI Afterburner\RTCore32.sys
    0x95400000 \??\C:\Users\Eddie\AppData\Local\Temp\ALSysIO.sys
    0x967FA000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0x94B4C000 \??\C:\Users\Eddie\AppData\Local\Temp\ugloapod.sys
    0x779B0000 \Windows\System32\ntdll.dll
    0x47A00000 \Windows\System32\smss.exe
    0x77BF0000 \Windows\System32\apisetschema.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    284 C:\Windows\System32\smss.exe
    424 csrss.exe
    512 C:\Windows\System32\wininit.exe
    524 csrss.exe
    564 C:\Windows\System32\services.exe
    580 C:\Windows\System32\lsass.exe
    588 C:\Windows\System32\lsm.exe
    628 C:\Windows\System32\winlogon.exe
    736 C:\Windows\System32\svchost.exe
    808 C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    848 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\atiesrxx.exe
    1048 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1164 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    1480 C:\Windows\System32\svchost.exe
    1520 C:\Windows\System32\atieclxx.exe
    1644 C:\Windows\System32\svchost.exe
    1868 C:\Windows\System32\spoolsv.exe
    1900 C:\Windows\System32\svchost.exe
    1996 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2020 C:\Program Files\Bonjour\mDNSResponder.exe
    252 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    384 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    440 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    1588 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2100 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2228 C:\Windows\System32\svchost.exe
    2272 C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
    2596 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2884 C:\Windows\System32\taskeng.exe
    3004 C:\Windows\System32\taskhost.exe
    3024 C:\Windows\System32\dwm.exe
    3060 C:\Program Files\MSI Afterburner\MSIAfterburner.exe
    3080 C:\Program Files\Core Temp\Core Temp.exe
    3820 C:\Windows\System32\svchost.exe
    2980 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3120 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3284 C:\Windows\System32\ico.exe
    3852 C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    3896 C:\Windows\System32\SearchIndexer.exe
    956 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3160 C:\Windows\System32\svchost.exe
    1704 C:\Windows\System32\svchost.exe
    1444 C:\Windows\explorer.exe
    4420 C:\Windows\System32\UI0Detect.exe
    5600 C:\Windows\System32\audiodg.exe
    4964 C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    2324 C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    996 C:\Windows\System32\rundll32.exe
    5584 C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    2816 C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    2588 C:\Windows\System32\SearchProtocolHost.exe
    4592 C:\Windows\System32\SearchFilterHost.exe
    3124 C:\Users\Eddie\Desktop\MBRCheck.exe
    2824 C:\Windows\System32\conhost.exe
    4936 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

    Size Device Name MBR Status
    --------------------------------------------
    1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  2. 2011/05/22
    broni

    broni Moderator Malware Analyst

    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    I still need DDS logs.

    Do you still have any hidden files there?
     

  4. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    All of my files are back, except the shortcuts in my Start menu are all gone, but that is not too bad.

    Here are the rest of the logs; they were too big to post all in one post, sorry.

    DDS Log:

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
    Run by Eddie at 18:30:03 on 2011-05-22
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3263.1542 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Explorer.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Eddie\Desktop\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] "c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE"
    mRun: [Mouse Suite 98 Daemon] "ICO.EXE"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
    mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-10 22504]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-22 1153368]
    R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2011-5-20 47120]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-31 428640]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-5-20 3900032]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-5-20 3276136]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2005-5-24 4608]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-8-5 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-8-5 398720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-26 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-05-23 00:28:47 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-22 22:53:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-22 22:53:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-22 09:09:52 98816 ----a-w- c:\windows\sed.exe
    2011-05-22 09:09:52 89088 ----a-w- c:\windows\MBR.exe
    2011-05-22 09:09:52 256512 ----a-w- c:\windows\PEV.exe
    2011-05-22 09:09:52 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-22 08:35:40 -------- d-----w- c:\users\eddie\appdata\local\Apps
    2011-05-22 08:35:39 -------- d-----w- c:\users\eddie\appdata\local\Deployment
    2011-05-22 07:25:46 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-20 17:47:28 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
    2011-05-20 17:47:28 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-05-20 17:47:28 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-05-20 17:44:09 -------- dc-h--w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
    2011-05-20 17:43:39 -------- d-----w- c:\program files\Webroot
    2011-05-20 17:43:26 -------- d-----w- c:\programdata\Webroot
    2011-05-20 17:43:25 -------- d-----w- c:\users\eddie\appdata\local\PackageAware
    2011-05-20 10:24:13 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-20 04:56:25 -------- d-----w- c:\users\eddie\appdata\roaming\Malwarebytes
    2011-05-20 04:56:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 04:56:19 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-20 04:56:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 04:56:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 01:23:41 0 ----a-w- c:\users\eddie\appdata\local\Xxeseqonofaj.bin
    2011-05-20 01:23:40 -------- d-----w- c:\users\eddie\appdata\local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}
    2011-05-19 17:47:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-17 23:33:40 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba612a49-adbf-4e4d-b37a-6dbe2dfdd338}\mpengine.dll
    2011-05-11 03:12:19 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:12:18 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:12:18 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 03:12:18 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:12:18 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:12:18 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:12:15 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 03:12:12 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 03:12:11 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 00:22:22 40960 ----a-w- c:\windows\system32\eax.dll
    2011-05-11 00:22:22 -------- d-----w- c:\program files\Creative Labs
    2011-05-11 00:21:50 -------- d-----w- c:\program files\EidosNet
    2011-05-11 00:21:50 -------- d-----w- c:\program files\Eidos Interactive
    2011-05-11 00:21:31 306688 ----a-w- c:\windows\IsUninst.exe
    2011-05-07 01:40:10 -------- d-----w- c:\program files\iPod
    2011-05-07 01:40:09 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:37:17 -------- d-----w- c:\program files\Bonjour
    2011-04-28 06:35:31 -------- d-----w- c:\program files\Dyyno
    2011-04-27 00:44:30 -------- d-----w- c:\programdata\Skype Extras
    2011-04-27 00:44:13 -------- d-----r- c:\program files\Skype
    2011-04-24 19:29:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    .
    ==================== Find3M ====================
    .
    2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-01 05:11:10 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2011-04-01 05:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-04-01 05:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
    2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
    2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-03-11 05:39:00 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-09 16:21:36 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-03-09 12:19:24 17397248 ----a-w- c:\windows\system32\atioglxx.dll
    2011-03-09 11:57:06 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-03-09 11:56:56 679424 ----a-w- c:\windows\system32\aticfx32.dll
    2011-03-09 11:53:44 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-03-09 11:53:20 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-03-09 11:52:56 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-03-09 11:51:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-03-09 11:51:44 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-03-09 11:51:36 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-03-09 11:51:30 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-03-09 11:51:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-03-09 11:48:48 4277760 ----a-w- c:\windows\system32\atidxx32.dll
    2011-03-09 11:34:36 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-03-09 11:34:24 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-03-09 11:32:34 5618688 ----a-w- c:\windows\system32\aticaldd.dll
    2011-03-09 11:30:32 4294656 ----a-w- c:\windows\system32\atiumdag.dll
    2011-03-09 11:18:10 258048 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-03-09 11:17:58 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-03-09 11:17:50 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-03-09 11:17:26 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-03-09 11:17:02 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-03-09 11:16:50 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-03-09 11:16:26 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-03-09 11:16:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-03-09 11:11:06 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-03-09 10:42:08 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-03-09 10:34:14 3471872 ----a-w- c:\windows\system32\atiumdva.dll
    2011-03-09 10:18:54 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-03-09 10:18:54 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 05:33:13 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 03:52:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
    2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 01:29:47 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-23 04:48:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:48:01 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:47:54 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:47:45 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:47:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:47:36 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:47:33 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    ============= FINISH: 18:31:29.19 ===============

    Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2010 4:56:30 AM
    System Uptime: 5/22/2011 5:20:44 PM (1 hours ago)
    .
    Motherboard: ASRock | | G31M-S
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPUSocket | 2874/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 1397 GiB total, 755.47 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP210: 5/17/2011 4:33:23 PM - Windows Update
    RP211: 5/17/2011 9:55:31 PM - Installed Apache HTTP Server 2.2.18
    RP213: 5/19/2011 6:22:28 PM - Windows Defender Checkpoint
    RP214: 5/20/2011 3:23:21 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP216: 5/20/2011 3:31:10 AM - StopZILLA! Restore Point.
    RP217: 5/20/2011 10:30:18 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP218: 5/22/2011 1:31:22 AM - Removed Apache HTTP Server 2.2.18
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    3D Sound Back Beta0.1
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.4 - CPSID_83708
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.5
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Aion
    AMD Drag and Drop Transcoding
    Apache Tomcat 6.0.20
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    Connect
    Core Temp version 0.99.8
    CPUID CPU-Z 1.57
    Definition update for Microsoft Office 2010 (KB982726)
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    EAX(tm) Unified (SHELL)
    erLT
    ESET NOD32 Antivirus
    Google Chrome
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HydraVision
    ImgBurn
    iTunes
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 23
    Java(TM) SE Development Kit 6 Update 20
    kuler
    Logitech SetPoint 5.20
    LogonStudio Vista
    Malwarebytes' Anti-Malware
    MapleStory
    MATLAB R2010b
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Client Profile
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Standard 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Mouse Suite
    MSI Afterburner 2.1.0
    MySQL Server 5.1
    NCsoft Launcher
    NetBeans IDE 6.8
    Nexon Game Manager
    Pando Media Booster
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Portal 2
    QuickTime
    Realtek High Definition Audio Driver
    RIFT
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Excel 2010 (KB2466146)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype™ 5.3
    Spybot - Search & Destroy
    StarCraft II
    Suite Shared Configuration CS4
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    User's Guides
    VC Runtimes MSI
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Vimicro USB2.0 UVC PC Camera
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 1.1.9
    Webroot Software
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2011 5:20:54 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
    5/22/2011 5:10:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/22/2011 4:59:35 PM, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
    5/22/2011 4:57:41 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    5/22/2011 3:01:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8321878a, 0x91367864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052211-24250-01.
    5/22/2011 2:34:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8321778a, 0x80e4d864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052211-20312-01.
    5/21/2011 9:36:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    5/21/2011 9:34:24 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 9:21:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    5/21/2011 9:21:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    5/21/2011 9:18:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    5/21/2011 9:17:56 PM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147943624.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/21/2011 9:16:53 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:59:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    5/21/2011 4:59:24 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/21/2011 4:42:43 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/20/2011 3:30:23 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    5/20/2011 3:29:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    5/20/2011 12:04:40 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/20/2011 10:34:37 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/19/2011 9:29:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    5/19/2011 9:29:47 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  5. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    ComboFix Log:

    ComboFix 11-05-21.03 - Eddie 05/22/2011 16:59:47.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3263.2293 [GMT -7:00]
    Running from: c:\users\Eddie\Downloads\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Eddie\AppData\Roaming\.#
    c:\users\Eddie\AppData\Roaming\Adobe\shed
    c:\users\Eddie\AppData\Roaming\Adobe\shed\thr1.chm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-23 00:19 . 2011-05-23 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-22 22:53 . 2011-05-22 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-22 22:53 . 2011-05-22 23:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Apps
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Deployment
    2011-05-22 07:25 . 2011-05-22 07:25 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-20 17:47 . 2011-04-19 01:05 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-05-20 17:47 . 2011-04-19 01:05 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-05-20 17:47 . 2011-04-19 01:05 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
    2011-05-20 17:44 . 2011-05-20 17:44 -------- dc-h--w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\program files\Webroot
    2011-05-20 17:43 . 2011-05-22 22:59 -------- d-----w- c:\programdata\Webroot
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\users\Eddie\AppData\Local\PackageAware
    2011-05-20 10:24 . 2011-05-20 17:31 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-20 04:56 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 04:56 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 01:23 . 2011-05-20 01:23 0 ----a-w- c:\users\Eddie\AppData\Local\Xxeseqonofaj.bin
    2011-05-20 01:23 . 2011-05-20 01:23 -------- d-----w- c:\users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}
    2011-05-19 17:47 . 2011-05-19 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-17 23:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA612A49-ADBF-4E4D-B37A-6DBE2DFDD338}\mpengine.dll
    2011-05-11 03:12 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:12 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:12 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:12 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:12 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:12 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 03:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 00:22 . 2011-05-11 00:22 -------- d-----w- c:\program files\Creative Labs
    2011-05-11 00:22 . 1999-07-06 21:13 40960 ----a-w- c:\windows\system32\eax.dll
    2011-05-11 00:21 . 2011-05-11 00:22 -------- d-----w- c:\program files\EidosNet
    2011-05-11 00:21 . 2011-05-11 00:21 -------- d-----w- c:\program files\Eidos Interactive
    2011-05-11 00:21 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-05-07 01:40 . 2011-05-07 01:40 -------- d-----w- c:\program files\iPod
    2011-05-07 01:40 . 2011-05-07 01:41 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:37 . 2011-05-07 01:37 -------- d-----w- c:\program files\Bonjour
    2011-04-28 06:35 . 2011-04-28 07:48 -------- d-----w- c:\program files\Dyyno
    2011-04-27 00:44 . 2011-04-27 00:45 -------- d-----w- c:\programdata\Skype Extras
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----w- c:\program files\Common Files\Skype
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----r- c:\program files\Skype
    2011-04-24 19:29 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-01 05:11 . 2011-04-01 05:11 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2011-04-01 05:09 . 2011-04-01 05:09 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-04-01 05:08 . 2011-04-01 05:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
    2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg
    2011-03-11 05:33 . 2011-04-12 22:52 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33 . 2011-04-12 22:52 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-09 16:21 . 2011-03-09 16:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-03-09 12:19 . 2011-03-09 12:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
    2011-03-09 11:57 . 2011-03-09 11:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-03-09 11:56 . 2010-05-27 17:02 679424 ----a-w- c:\windows\system32\aticfx32.dll
    2011-03-09 11:53 . 2011-03-09 11:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-03-09 11:53 . 2011-01-27 06:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-03-09 11:52 . 2011-01-27 06:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-03-09 11:51 . 2011-03-09 11:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-03-09 11:51 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-03-09 11:51 . 2011-03-09 11:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-03-09 11:48 . 2010-05-27 16:54 4277760 ----a-w- c:\windows\system32\atidxx32.dll
    2011-03-09 11:34 . 2011-03-09 11:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-03-09 11:34 . 2011-03-09 11:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-03-09 11:32 . 2011-03-09 11:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
    2011-03-09 11:30 . 2010-05-27 16:37 4294656 ----a-w- c:\windows\system32\atiumdag.dll
    2011-03-09 11:18 . 2010-07-07 01:16 258048 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-03-09 11:17 . 2010-05-27 16:24 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-03-09 11:16 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-03-09 11:16 . 2011-03-09 11:16 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-03-09 11:16 . 2011-03-09 11:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-03-09 11:11 . 2010-07-07 01:24 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-03-09 10:42 . 2011-03-09 10:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-03-09 10:34 . 2010-05-27 16:31 3471872 ----a-w- c:\windows\system32\atiumdva.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-03-08 05:28 . 2011-04-12 22:52 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 05:33 . 2011-04-12 22:52 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 03:52 . 2011-04-12 22:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-03 05:38 . 2011-04-12 22:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36 . 2011-04-12 22:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42 . 2011-04-12 22:52 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:38 . 2011-04-12 22:51 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 01:29 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-23 04:48 . 2011-04-12 22:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:48 . 2011-04-12 22:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:47 . 2011-04-12 22:52 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:47 . 2011-04-12 22:52 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:47 . 2011-04-12 22:52 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:47 . 2011-04-12 22:52 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:47 . 2011-04-12 22:52 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Mouse Suite 98 Daemon "= "ICO.EXE" [2004-07-14 57344]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2009-06-17 55824]
    "WebrootTrayApp "= "c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-20 1378352]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @= "FSFilter System Recovery "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    R1 eshcygkv;eshcygkv;c:\windows\system32\drivers\eshcygkv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-19 3595660]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-26 252416]
    R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-20 22504]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-04-19 47120]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-20 3276136]
    S3 ALSysIO;ALSysIO;c:\users\Eddie\AppData\Local\Temp\ALSysIO.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
    S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2005-05-25 4608]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000Core.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000UA.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-22 c:\windows\Tasks\MSIAfterburner.job
    - c:\program files\MSI Afterburner\MSIAfterburner.exe [2011-02-15 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-PlayNC Launcher - (no file)
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService
    AddRemove-FINAL FANTASY VIII - c:\program files\Eidos Interactive\Square Soft
    AddRemove-FoxyTunesForFirefox - c:\program files\Mozilla Firefox\firefox.exe
    AddRemove-nbi-glassfish-mod-sun-3.0.0.74.2 - c:\program files\sges-v3\uninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version "=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version "=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Core Temp\Core Temp.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\ico.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-22 17:30:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-23 00:30
    .
    Pre-Run: 811,014,074,368 bytes free
    Post-Run: 811,011,743,744 bytes free
    .
    - - End Of File - - 04DBDAE996A176ED755A21E5393170C3


    HiJackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:43:28 PM, on 5/22/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eddie\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] "C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE "
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "ICO.EXE "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE "
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

    --
    End of file - 7640 bytes
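    A triage pass over the O4 (autorun) and O23 (service) lines of the HijackThis log above, as an added example that is not part of the thread and not HijackThis's own code. It flags the three things a reviewer checks first in such a log: Run entries that name a bare executable with no directory (resolved through the PATH search order at logon, so a same-named file earlier on the path would win), unquoted Run paths containing spaces, and services whose binary is reported missing. The "C:\Program.exe (file missing)" rendering of the MySQL service is how HijackThis displays an unquoted ImagePath that starts with C:\Program Files, so that entry is annotated rather than treated as a lost binary. The regexes and the reason strings are this example's own assumptions; a flagged entry is a lead for a closer look, not a verdict (ICO.EXE here is the mouse-suite tray program visible in the process list).

```python
import re
from typing import List, Tuple

# Entries copied verbatim from the HijackThis log posted above.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "ICO.EXE "
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE "
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Line shapes assumed by this example (HijackThis 2.0.x output).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

Finding = Tuple[str, str, str]  # (section, entry name, reason)


def _executable_of(cmd: str) -> str:
    """Return the executable token of an O4 command line.

    HijackThis prints quoted commands with a stray space before the closing
    quote; strip that, then take the quoted token or the first bare token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]).strip()
    return cmd.split(" ", 1)[0]


def triage_hjt(log: str) -> List[Finding]:
    """Return the O4/O23 entries that deserve a closer look, in log order."""
    findings: List[Finding] = []
    for line in log.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            raw = m.group("cmd").strip()
            exe = _executable_of(raw)
            if "\\" not in exe:
                # No directory at all: Windows resolves this via the PATH
                # search order, so the file actually run depends on PATH.
                findings.append(("O4", m.group("name"),
                                 f"bare executable name {exe!r} (resolved via PATH)"))
            elif " " in exe and not raw.startswith('"'):
                findings.append(("O4", m.group("name"), "unquoted path containing spaces"))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if path.endswith("(file missing)"):
                reason = "service binary not found on disk"
                shown = path[: -len(" (file missing)")]
                if shown.lower().endswith(":\\program.exe"):
                    # HijackThis cuts an unquoted ImagePath at its first space
                    # and appends .exe, so this is an unquoted-path artefact.
                    reason += " ('C:\\Program.exe' is how HijackThis renders an unquoted ImagePath under C:\\Program Files)"
                findings.append(("O23", m.group("name"), reason))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage_hjt(HJT_EXCERPT):
        print(f"{section} [{name}]: {reason}")
```

    Run as-is it lists four leads from the excerpt: the two bare-name Run entries, the MySQL service with the unquoted-path note, and the GameGuard service whose driver file is gone. The quoted Office, Acrobat and Spybot entries produce nothing, which is the point of the check.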
     
  6. 2011/05/22
    broni (Moderator, Malware Analyst; joined 2002/08/01; messages: 21,701; likes received: 116)

    To fix your hidden files issue...
    Download and run UnHide
    Let me know if it worked.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
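    The report this step asks for has the line format shown in the next reply: one enumeration line per driver service carrying its MD5 and path, plus a "Suspicious file" line and a "- detected" line for anything the tool could not read or matched. As an added example (not part of the thread and not Kaspersky's tool), the parser below joins those three line types so each verdict is tied back to the hash and path of the driver it concerns, and then lists the entries worth a second look. A LockedFile.Multi.Generic verdict means the file could not be opened for reading, not that a rootkit signature matched; sptd.sys, the SCSI Pass Through Direct driver installed with DAEMON Tools and Alcohol 120%, locks itself by design and is a common source of exactly this line, which is why the step above says the default for a suspicious file is Skip. The regexes, the Driver record and the "outside the Windows directory" heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the TDSSKiller log in the next reply (a short
# excerpt of the full report, constructed for this example).
TDSS_EXCERPT = r"""
2011/05/22 19:38:58.0397 5600 Scan started
2011/05/22 19:39:01.0272 5600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/22 19:39:09.0049 5600 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\MSI Afterburner\RTCore32.sys
2011/05/22 19:39:09.0828 5600 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/22 19:39:09.0834 5600 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 19:39:09.0839 5600 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every line starts with "date time thread-id "; the three shapes after that
# are assumptions about TDSSKiller 2.5.x output based on the posted log.
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
ENTRY_RE = re.compile(PREFIX + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DET_RE = re.compile(PREFIX + r"(?P<svc>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")


@dataclass
class Driver:
    service: str
    md5: str
    path: str
    suspicious_reason: Optional[str] = None  # e.g. "NoAccess"
    verdict: Optional[str] = None            # e.g. "LockedFile.Multi.Generic"


def parse_tdsskiller(log: str) -> Dict[str, Driver]:
    """Map service name -> Driver, with suspicious/detected lines folded in."""
    drivers: Dict[str, Driver] = {}
    by_path: Dict[str, Driver] = {}
    for line in log.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            d = Driver(m["svc"], m["md5"], m["path"])
            drivers[d.service] = d
            by_path[d.path.lower()] = d
            continue
        m = SUSP_RE.match(line)
        if m:
            d = by_path.get(m["path"].lower())
            if d is None:
                continue
            if d.md5 != m["md5"]:
                # The hash on the verdict line must match the enumeration line;
                # a mismatch would mean the file changed mid-scan.
                raise ValueError(f"hash mismatch for {d.path}: {d.md5} vs {m['md5']}")
            d.suspicious_reason = m["why"]
            continue
        m = DET_RE.match(line)
        if m and m["svc"] in drivers:
            drivers[m["svc"]].verdict = m["verdict"]
    return drivers


def triage(drivers: Dict[str, Driver]) -> List[Tuple[str, str]]:
    """Return (service, lead) pairs in log order: verdicts first, then drivers
    loaded from outside C:\\Windows, which are not malicious by themselves but
    are where a reviewer checks the vendor and signature next."""
    leads: List[Tuple[str, str]] = []
    for d in drivers.values():
        if d.verdict is not None:
            leads.append((d.service, f"detected:{d.verdict}"))
        elif not d.path.lower().startswith("c:\\windows\\"):
            leads.append((d.service, "loaded from outside the Windows directory"))
    return leads


if __name__ == "__main__":
    drivers = parse_tdsskiller(TDSS_EXCERPT)
    for service, lead in triage(drivers):
        d = drivers[service]
        print(f"{service}: {lead}  reason={d.suspicious_reason}  md5={d.md5}  {d.path}")
```

    On the excerpt the output names RTCore32 (an MSI Afterburner driver living under Program Files) and sptd with its LockedFile verdict and NoAccess reason; atapi, fully enumerated and readable, is not listed. Feeding the whole report from the next reply through the same parser gives the same two leads plus the other drivers that load from outside C:\Windows.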
     
  7. 2011/05/22
    yugao (Inactive, Thread Starter; joined 2011/05/22; messages: 20; likes received: 0)

    UnHide was the program I used a few days ago to unhide my files. All the files on my desktop showed up. The folders in my start menu also showed up. However, the folders in the start menu are all empty. Just in case, I ran UnHide again and nothing has changed.

    Here is the TDSSKiller log:


    2011/05/22 19:38:49.0664 1228 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/22 19:38:50.0911 1228 ================================================================================
    2011/05/22 19:38:50.0912 1228 SystemInfo:
    2011/05/22 19:38:50.0912 1228
    2011/05/22 19:38:50.0912 1228 OS Version: 6.1.7601 ServicePack: 1.0
    2011/05/22 19:38:50.0912 1228 Product type: Workstation
    2011/05/22 19:38:50.0912 1228 ComputerName: EDDIE-PC
    2011/05/22 19:38:50.0912 1228 UserName: Eddie
    2011/05/22 19:38:50.0912 1228 Windows directory: C:\Windows
    2011/05/22 19:38:50.0912 1228 System windows directory: C:\Windows
    2011/05/22 19:38:50.0912 1228 Processor architecture: Intel x86
    2011/05/22 19:38:50.0912 1228 Number of processors: 2
    2011/05/22 19:38:50.0912 1228 Page size: 0x1000
    2011/05/22 19:38:50.0912 1228 Boot type: Normal boot
    2011/05/22 19:38:50.0912 1228 ================================================================================
    2011/05/22 19:38:51.0189 1228 Initialize success
    2011/05/22 19:38:58.0397 5600 ================================================================================
    2011/05/22 19:38:58.0397 5600 Scan started
    2011/05/22 19:38:58.0397 5600 Mode: Manual;
    2011/05/22 19:38:58.0397 5600 ================================================================================
    2011/05/22 19:38:59.0848 5600 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    2011/05/22 19:38:59.0909 5600 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    2011/05/22 19:38:59.0937 5600 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    2011/05/22 19:39:00.0009 5600 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
    2011/05/22 19:39:00.0083 5600 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/22 19:39:00.0118 5600 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/22 19:39:00.0149 5600 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/22 19:39:00.0226 5600 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
    2011/05/22 19:39:00.0247 5600 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    2011/05/22 19:39:00.0282 5600 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/05/22 19:39:00.0341 5600 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    2011/05/22 19:39:00.0437 5600 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    2011/05/22 19:39:00.0454 5600 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    2011/05/22 19:39:00.0473 5600 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/22 19:39:00.0657 5600 amdkmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/05/22 19:39:00.0817 5600 amdkmdap (655053f7c0a3b551da84db7417a10e15) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/05/22 19:39:00.0842 5600 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/22 19:39:00.0902 5600 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    2011/05/22 19:39:00.0935 5600 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/22 19:39:00.0960 5600 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    2011/05/22 19:39:01.0056 5600 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    2011/05/22 19:39:01.0130 5600 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/22 19:39:01.0154 5600 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/22 19:39:01.0213 5600 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/22 19:39:01.0272 5600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    2011/05/22 19:39:01.0341 5600 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
    2011/05/22 19:39:01.0502 5600 atikmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/05/22 19:39:01.0570 5600 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/05/22 19:39:01.0600 5600 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/05/22 19:39:01.0629 5600 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/05/22 19:39:01.0678 5600 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/22 19:39:01.0744 5600 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/22 19:39:01.0765 5600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/22 19:39:01.0793 5600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/22 19:39:01.0824 5600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/22 19:39:01.0847 5600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/22 19:39:01.0875 5600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/22 19:39:01.0892 5600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/22 19:39:01.0919 5600 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/22 19:39:02.0020 5600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/22 19:39:02.0075 5600 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    2011/05/22 19:39:02.0104 5600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/22 19:39:02.0152 5600 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/05/22 19:39:02.0211 5600 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/22 19:39:02.0242 5600 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    2011/05/22 19:39:02.0281 5600 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/05/22 19:39:02.0309 5600 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/22 19:39:02.0381 5600 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    2011/05/22 19:39:02.0459 5600 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\Windows\system32\drivers\cpuz135_x32.sys
    2011/05/22 19:39:02.0481 5600 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/22 19:39:02.0541 5600 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    2011/05/22 19:39:02.0609 5600 dc3d (33e7ab50f87f97abd9057205e27cb182) C:\Windows\system32\DRIVERS\dc3d.sys
    2011/05/22 19:39:02.0671 5600 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/22 19:39:02.0699 5600 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/05/22 19:39:02.0722 5600 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/22 19:39:02.0793 5600 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/22 19:39:02.0847 5600 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/22 19:39:02.0938 5600 eamon (e31464ce787e3a0ffea55baa591897f0) C:\Windows\system32\DRIVERS\eamon.sys
    2011/05/22 19:39:03.0025 5600 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/05/22 19:39:03.0086 5600 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\Windows\system32\DRIVERS\ehdrv.sys
    2011/05/22 19:39:03.0146 5600 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/22 19:39:03.0179 5600 epfwwfpr (9798f4c71df8a86266bb0476205411f9) C:\Windows\system32\DRIVERS\epfwwfpr.sys
    2011/05/22 19:39:03.0233 5600 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    2011/05/22 19:39:03.0284 5600 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/05/22 19:39:03.0305 5600 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/05/22 19:39:03.0338 5600 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/22 19:39:03.0370 5600 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/22 19:39:03.0398 5600 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/05/22 19:39:03.0450 5600 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/22 19:39:03.0477 5600 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/22 19:39:03.0512 5600 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/22 19:39:03.0538 5600 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/22 19:39:03.0595 5600 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/22 19:39:03.0630 5600 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/22 19:39:03.0695 5600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/22 19:39:03.0721 5600 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/22 19:39:03.0770 5600 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/22 19:39:03.0821 5600 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/22 19:39:03.0855 5600 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/22 19:39:03.0882 5600 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/22 19:39:03.0934 5600 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/22 19:39:03.0958 5600 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/22 19:39:04.0008 5600 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    2011/05/22 19:39:04.0039 5600 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    2011/05/22 19:39:04.0085 5600 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/22 19:39:04.0111 5600 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    2011/05/22 19:39:04.0165 5600 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    2011/05/22 19:39:04.0198 5600 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/22 19:39:04.0332 5600 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/22 19:39:04.0391 5600 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    2011/05/22 19:39:04.0445 5600 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/22 19:39:04.0470 5600 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/22 19:39:04.0498 5600 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/05/22 19:39:04.0522 5600 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/05/22 19:39:04.0590 5600 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/05/22 19:39:04.0638 5600 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    2011/05/22 19:39:04.0660 5600 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    2011/05/22 19:39:04.0693 5600 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/22 19:39:04.0712 5600 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/22 19:39:04.0775 5600 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
    2011/05/22 19:39:04.0824 5600 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/22 19:39:04.0850 5600 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/22 19:39:04.0921 5600 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/05/22 19:39:04.0963 5600 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/22 19:39:05.0044 5600 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/05/22 19:39:05.0112 5600 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/22 19:39:05.0131 5600 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/22 19:39:05.0154 5600 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/22 19:39:05.0171 5600 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/22 19:39:05.0200 5600 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/05/22 19:39:05.0268 5600 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    2011/05/22 19:39:05.0317 5600 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys
    2011/05/22 19:39:05.0437 5600 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys
    2011/05/22 19:39:05.0536 5600 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/05/22 19:39:05.0563 5600 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/05/22 19:39:05.0622 5600 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/05/22 19:39:05.0692 5600 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/22 19:39:05.0755 5600 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/22 19:39:05.0779 5600 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/22 19:39:05.0833 5600 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/22 19:39:05.0879 5600 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    2011/05/22 19:39:05.0903 5600 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/22 19:39:05.0964 5600 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/22 19:39:06.0023 5600 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/22 19:39:06.0070 5600 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/22 19:39:06.0116 5600 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/22 19:39:06.0142 5600 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    2011/05/22 19:39:06.0169 5600 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    2011/05/22 19:39:06.0203 5600 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/05/22 19:39:06.0236 5600 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/05/22 19:39:06.0283 5600 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/22 19:39:06.0347 5600 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/22 19:39:06.0372 5600 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/22 19:39:06.0391 5600 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/22 19:39:06.0420 5600 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/22 19:39:06.0459 5600 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    2011/05/22 19:39:06.0531 5600 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/22 19:39:06.0586 5600 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/05/22 19:39:06.0605 5600 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/05/22 19:39:06.0707 5600 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/22 19:39:06.0765 5600 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    2011/05/22 19:39:06.0791 5600 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/05/22 19:39:06.0813 5600 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/22 19:39:06.0860 5600 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/22 19:39:06.0885 5600 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/22 19:39:06.0934 5600 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/22 19:39:06.0989 5600 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/22 19:39:07.0040 5600 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/22 19:39:07.0114 5600 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/22 19:39:07.0146 5600 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/05/22 19:39:07.0182 5600 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/22 19:39:07.0252 5600 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/22 19:39:07.0294 5600 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/05/22 19:39:07.0354 5600 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    2011/05/22 19:39:07.0376 5600 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    2011/05/22 19:39:07.0420 5600 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/22 19:39:07.0466 5600 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    2011/05/22 19:39:07.0514 5600 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/22 19:39:07.0545 5600 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    2011/05/22 19:39:07.0570 5600 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/05/22 19:39:07.0634 5600 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    2011/05/22 19:39:07.0676 5600 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    2011/05/22 19:39:07.0710 5600 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/22 19:39:07.0734 5600 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/05/22 19:39:07.0764 5600 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/05/22 19:39:07.0828 5600 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\Windows\system32\DRIVERS\pelmouse.sys
    2011/05/22 19:39:07.0876 5600 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\Windows\system32\DRIVERS\pelusblf.sys
    2011/05/22 19:39:07.0949 5600 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/22 19:39:08.0017 5600 PRISM_A02 (9da91b46157cc6772137991a6cbbd9d7) C:\Windows\system32\DRIVERS\PRISMA02.sys
    2011/05/22 19:39:08.0041 5600 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/22 19:39:08.0079 5600 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/22 19:39:08.0106 5600 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/05/22 19:39:08.0148 5600 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/05/22 19:39:08.0200 5600 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/05/22 19:39:08.0231 5600 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/22 19:39:08.0283 5600 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/22 19:39:08.0317 5600 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/05/22 19:39:08.0343 5600 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/22 19:39:08.0396 5600 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/22 19:39:08.0422 5600 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/22 19:39:08.0473 5600 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/22 19:39:08.0498 5600 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/05/22 19:39:08.0543 5600 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/22 19:39:08.0571 5600 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/22 19:39:08.0608 5600 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/22 19:39:08.0634 5600 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/05/22 19:39:08.0687 5600 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/05/22 19:39:08.0738 5600 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/22 19:39:08.0764 5600 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    2011/05/22 19:39:08.0851 5600 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    2011/05/22 19:39:08.0913 5600 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/22 19:39:09.0049 5600 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\MSI Afterburner\RTCore32.sys
    2011/05/22 19:39:09.0086 5600 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/05/22 19:39:09.0131 5600 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    2011/05/22 19:39:09.0184 5600 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/22 19:39:09.0272 5600 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/05/22 19:39:09.0302 5600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/22 19:39:09.0343 5600 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/22 19:39:09.0369 5600 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/22 19:39:09.0421 5600 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/05/22 19:39:09.0467 5600 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/22 19:39:09.0491 5600 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/22 19:39:09.0518 5600 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/22 19:39:09.0540 5600 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/05/22 19:39:09.0603 5600 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    2011/05/22 19:39:09.0656 5600 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/05/22 19:39:09.0683 5600 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/05/22 19:39:09.0705 5600 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/22 19:39:09.0740 5600 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/05/22 19:39:09.0828 5600 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/05/22 19:39:09.0834 5600 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/05/22 19:39:09.0839 5600 sptd - detected LockedFile.Multi.Generic (1)
    2011/05/22 19:39:09.0893 5600 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/22 19:39:09.0920 5600 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/22 19:39:09.0944 5600 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/22 19:39:10.0058 5600 ssfmonm (3199c2d24366ee02b279f0a065936703) C:\Windows\system32\DRIVERS\ssfmonm.sys
    2011/05/22 19:39:10.0089 5600 sshrmd (44533a8b02355f05015dbeac869c1d91) C:\Windows\system32\DRIVERS\sshrmd.sys
    2011/05/22 19:39:10.0167 5600 ssidrv (22ff2bde8b5362b29778de58b3261514) C:\Windows\system32\DRIVERS\ssidrv.sys
    2011/05/22 19:39:10.0206 5600 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/05/22 19:39:10.0270 5600 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    2011/05/22 19:39:10.0319 5600 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    2011/05/22 19:39:10.0342 5600 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    2011/05/22 19:39:10.0458 5600 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
    2011/05/22 19:39:10.0525 5600 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/22 19:39:10.0588 5600 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/22 19:39:10.0636 5600 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/22 19:39:10.0664 5600 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/22 19:39:10.0717 5600 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/22 19:39:10.0736 5600 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    2011/05/22 19:39:10.0804 5600 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/22 19:39:10.0850 5600 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    2011/05/22 19:39:10.0922 5600 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/22 19:39:10.0948 5600 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/05/22 19:39:11.0006 5600 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/22 19:39:11.0082 5600 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/22 19:39:11.0107 5600 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    2011/05/22 19:39:11.0148 5600 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/05/22 19:39:11.0234 5600 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2011/05/22 19:39:11.0296 5600 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    2011/05/22 19:39:11.0345 5600 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/22 19:39:11.0370 5600 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    2011/05/22 19:39:11.0394 5600 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/22 19:39:11.0427 5600 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/22 19:39:11.0469 5600 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/22 19:39:11.0505 5600 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/22 19:39:11.0551 5600 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/05/22 19:39:11.0599 5600 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/05/22 19:39:11.0624 5600 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/22 19:39:11.0651 5600 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
    2011/05/22 19:39:11.0688 5600 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    2011/05/22 19:39:11.0719 5600 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/22 19:39:11.0744 5600 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/05/22 19:39:11.0787 5600 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    2011/05/22 19:39:11.0811 5600 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    2011/05/22 19:39:11.0836 5600 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/05/22 19:39:11.0882 5600 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    2011/05/22 19:39:11.0909 5600 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    2011/05/22 19:39:11.0931 5600 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    2011/05/22 19:39:12.0010 5600 VMUVC (0f0cfdb1ebff88ab998003c65cd79b4b) C:\Windows\system32\Drivers\VMUVC.sys
    2011/05/22 19:39:12.0037 5600 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    2011/05/22 19:39:12.0067 5600 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/22 19:39:12.0096 5600 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    2011/05/22 19:39:12.0124 5600 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/22 19:39:12.0191 5600 vvftUVC (d3ee7cc6b0c29083a874db9d890bceb5) C:\Windows\system32\drivers\vvftUVC.sys
    2011/05/22 19:39:12.0262 5600 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2011/05/22 19:39:12.0304 5600 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/22 19:39:12.0368 5600 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/22 19:39:12.0381 5600 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/22 19:39:12.0458 5600 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/22 19:39:12.0487 5600 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/22 19:39:12.0567 5600 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/22 19:39:12.0600 5600 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/05/22 19:39:12.0673 5600 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/05/22 19:39:12.0706 5600 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/05/22 19:39:12.0782 5600 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/22 19:39:12.0862 5600 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/22 19:39:12.0929 5600 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/22 19:39:12.0997 5600 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/22 19:39:13.0001 5600 ================================================================================
    2011/05/22 19:39:13.0001 5600 Scan finished
    2011/05/22 19:39:13.0001 5600 ================================================================================
    2011/05/22 19:39:13.0014 5864 Detected object count: 2
    2011/05/22 19:39:31.0212 5864 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/05/22 19:39:31.0224 5864 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/22 19:39:31.0224 5864 \HardDisk0 - ok
    2011/05/22 19:39:31.0225 5864 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/05/22 19:39:52.0795 2960 Deinitialize success
     
  8. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
I clicked on a few search links on Google and it seems that I am not getting redirected anymore. So maybe this virus is fixed?
     
  9. 2011/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    A rootkit was the main culprit, but we'll keep checking.

For now, I'd like to see if I can get your start menu folders back.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
• Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :dir
      %Temp%\smtmp
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  10. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    There are a few other minor issues now.
1. When I try to start Windows Defender an error msg pops up: "The specified service does not exist as an installed service. (Error Code: 0x80070424)".
    2. My ESET GUI does not auto run when windows starts up.
    3. My Action center keeps popping up my task bar like it has a security message, but the message never shows up. This stops when I disable Spyware and related protection as well as Virus protection Security messages.
    4. Just like the ESET GUI, my Realtek HD Audio Manager is also not running on start up. I have to manually go into my Program Files folder to run these two GUIs.

Here's the SystemLook Log:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 20:14 on 22/05/2011 by Eddie
    Administrator - Elevation successful

    ========== dir ==========

    C:\Users\Eddie\AppData\Local\Temp\smtmp - Unable to find folder.

    -= EOF =-

    Thanks!
     
  11. 2011/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Your log tells me that you ran some temporary file cleaner after the Windows Recovery infection.
What happens is that Windows Recovery moves your startups, among other things, to the C:\Users\user_name\AppData\Local\Temp\smtmp folder.
Once you run a temporary file cleaner, that data is gone and it can't be recovered.
You'll have to recreate the start items manually.

Now, as I said, we'll run a few more scans, because a **** like Windows Recovery usually doesn't come alone.
    We'll see which of your issues will get fixed.

    OK....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    ===================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
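The ComboFix.txt requested above is long, and its "Reg Loading Points" section is where autorun entries and tampered policy values show up. As an added example (editor-supplied code, not part of the thread and not anything shipped with ComboFix), here is a Python triage script that parses that section from a constructed sample in the log's shape and flags policy values that disable UAC prompts or hide the Action Center icon; the sample lines and the policy table are assumptions made here, and the parser tolerates the stray space before closing quotes that the forum copy of the log shows.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample shaped like the thread's ComboFix.txt (including the stray
# spaces before closing quotes that the forum copy shows); not a real log file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon "= "ICO.EXE" [2004-07-14 57344]
"WebrootTrayApp "= "c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-20 1378352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth "= 1 (0x1)
.
R1 eshcygkv;eshcygkv;c:\windows\system32\drivers\eshcygkv.sys [x]
"""

# (registry key suffix, value name) -> (value that is a finding, why it matters).
# Table assumed here; it covers the UAC and Action Center policies seen in the log.
POLICY_FINDINGS = {
    ("policies\\system", "EnableLUA"): (0, "UAC disabled entirely"),
    ("policies\\system", "ConsentPromptBehaviorAdmin"): (0, "admins elevate silently, no prompt"),
    ("policies\\system", "PromptOnSecureDesktop"): (0, "UAC prompts not shown on the secure desktop"),
    ("policies\\explorer", "HideSCAHealth"): (1, "Action Center icon and notifications hidden"),
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Value name in quotes (tolerating trailing whitespace before the closing quote), then '='.
VALUE_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*(?P<data>.*)$')
# Run-key data: quoted path followed by ComboFix's "[date size]" annotation.
RUN_PATH_RE = re.compile(r'^"(?P<path>.*?)\s*"\s*\[(?P<stamp>[^\]]*)\]$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)      # (key, value name, path)
    policy_findings: list = field(default_factory=list)  # (key, value name, value, why)


def parse_reg_loading_points(text):
    """Walk the REGEDIT4-style block ComboFix prints and collect autoruns and policy findings."""
    t = Triage()
    in_section = False
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section or not line or line == ".":
            continue
        if line.startswith("((((("):
            break  # next ComboFix banner: the section is over
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # service lines (R1/R3/S0 ...) and '@=' defaults are out of scope here
        name, data = m.group("name"), m.group("data")
        key_l = current_key.lower()
        if key_l.endswith("\\currentversion\\run"):
            pm = RUN_PATH_RE.match(data)
            t.run_entries.append((current_key, name, pm.group("path") if pm else data))
            continue
        dm = DWORD_RE.match(data)
        if dm:
            value = int(dm.group(1))
            for (key_suffix, vname), (bad, why) in POLICY_FINDINGS.items():
                if key_l.endswith(key_suffix) and name == vname and value == bad:
                    t.policy_findings.append((current_key, name, value, why))
    return t


def report(t):
    """Render the findings one per line, autoruns first, then policy tampering."""
    lines = [f"autorun  {name!r} -> {path}  ({key})" for key, name, path in t.run_entries]
    lines += [f"POLICY   {name}={value}: {why}  ({key})" for key, name, value, why in t.policy_findings]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_reg_loading_points(SAMPLE_LOG)))
```

Point it at a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents; every autorun it lists still needs a human to judge, but the policy findings are unambiguous and map directly onto the Action Center and UAC symptoms a user would notice.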
     
  12. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
OK, I understand why my startups and start menu items are gone. I'm not worried about the start menu items since I know where to find them if I need them, but is there a way to get the start up items working again? It would be a hassle to manually run the GUI at every start up.

When I disabled ESET antivirus and real-time scanner, ComboFix still said that they were on. I took a screen shot of this because I'm not sure why. I ran ComboFix anyway and will post the log below.

    http://imageshack.us/photo/my-images/594/antivirusdisable.jpg/
    This is the link to my screen shot.

    Here is the aswMBR Log:


    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-22 20:28:01
    -----------------------------
    20:28:01.708 OS Version: Windows 6.1.7601 Service Pack 1
    20:28:01.708 Number of processors: 2 586 0x1706
    20:28:01.710 ComputerName: EDDIE-PC UserName: Eddie
    20:28:20.206 Initialize success
    20:28:41.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    20:28:41.853 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
    20:28:43.865 Disk 0 MBR read successfully
    20:28:43.867 Disk 0 MBR scan
    20:28:43.869 Disk 0 Windows 7 default MBR code
    20:28:45.872 Disk 0 scanning sectors +2930274304
    20:28:45.898 Disk 0 scanning C:\Windows\system32\drivers
    20:28:51.222 Service scanning
    20:28:52.254 Disk 0 trace - called modules:
    20:28:52.266 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85ba91f8]<<
    20:28:52.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a24408]
    20:28:52.272 3 CLASSPNP.SYS[8c70c59e] -> nt!IofCallDriver -> [0x868d2918]
    20:28:52.276 5 ACPI.sys[83f653d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x868d7908]
    20:28:52.279 \Driver\atapi[0x868cbef8] -> IRP_MJ_CREATE -> 0x85ba91f8
    20:28:52.616 Scan finished successfully
    20:29:35.773 Disk 0 MBR has been saved successfully to "C:\Users\Eddie\Desktop\MBR.dat "
    20:29:35.786 The log file has been saved successfully to "C:\Users\Eddie\Desktop\aswMBR.txt "

    Combo Fix Log:


    ComboFix 11-05-21.03 - Eddie 05/22/2011 20:37:17.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3263.2034 [GMT -7:00]
    Running from: c:\users\Eddie\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-23 03:54 . 2011-05-23 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-22 22:53 . 2011-05-22 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-22 22:53 . 2011-05-22 23:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Apps
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Deployment
    2011-05-22 07:25 . 2011-05-22 07:25 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-20 17:47 . 2011-04-19 01:05 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-05-20 17:47 . 2011-04-19 01:05 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-05-20 17:47 . 2011-04-19 01:05 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
    2011-05-20 17:44 . 2011-05-20 17:44 -------- dc----w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\program files\Webroot
    2011-05-20 17:43 . 2011-05-22 22:59 -------- d-----w- c:\programdata\Webroot
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\users\Eddie\AppData\Local\PackageAware
    2011-05-20 10:24 . 2011-05-20 17:31 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-20 04:56 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 04:56 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 01:23 . 2011-05-20 01:23 0 ----a-w- c:\users\Eddie\AppData\Local\Xxeseqonofaj.bin
    2011-05-20 01:23 . 2011-05-20 01:23 -------- d-----w- c:\users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}
    2011-05-19 17:47 . 2011-05-19 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-17 23:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA612A49-ADBF-4E4D-B37A-6DBE2DFDD338}\mpengine.dll
    2011-05-11 03:12 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:12 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:12 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:12 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:12 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:12 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 03:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 00:22 . 2011-05-11 00:22 -------- d-----w- c:\program files\Creative Labs
    2011-05-11 00:22 . 1999-07-06 21:13 40960 ----a-w- c:\windows\system32\eax.dll
    2011-05-11 00:21 . 2011-05-11 00:22 -------- d-----w- c:\program files\EidosNet
    2011-05-11 00:21 . 2011-05-11 00:21 -------- d-----w- c:\program files\Eidos Interactive
    2011-05-11 00:21 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-05-07 01:40 . 2011-05-07 01:40 -------- d-----w- c:\program files\iPod
    2011-05-07 01:40 . 2011-05-07 01:41 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:37 . 2011-05-07 01:37 -------- d-----w- c:\program files\Bonjour
    2011-04-28 06:35 . 2011-04-28 07:48 -------- d-----w- c:\program files\Dyyno
    2011-04-27 00:44 . 2011-04-27 00:45 -------- d-----w- c:\programdata\Skype Extras
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----w- c:\program files\Common Files\Skype
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----r- c:\program files\Skype
    2011-04-24 19:29 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-01 05:11 . 2011-04-01 05:11 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2011-04-01 05:09 . 2011-04-01 05:09 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-04-01 05:08 . 2011-04-01 05:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
    2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg
    2011-03-11 05:33 . 2011-04-12 22:52 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33 . 2011-04-12 22:52 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-09 16:21 . 2011-03-09 16:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-03-09 12:19 . 2011-03-09 12:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
    2011-03-09 11:57 . 2011-03-09 11:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-03-09 11:56 . 2010-05-27 17:02 679424 ----a-w- c:\windows\system32\aticfx32.dll
    2011-03-09 11:53 . 2011-03-09 11:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-03-09 11:53 . 2011-01-27 06:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-03-09 11:52 . 2011-01-27 06:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-03-09 11:51 . 2011-03-09 11:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-03-09 11:51 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-03-09 11:51 . 2011-03-09 11:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-03-09 11:48 . 2010-05-27 16:54 4277760 ----a-w- c:\windows\system32\atidxx32.dll
    2011-03-09 11:34 . 2011-03-09 11:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-03-09 11:34 . 2011-03-09 11:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-03-09 11:32 . 2011-03-09 11:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
    2011-03-09 11:30 . 2010-05-27 16:37 4294656 ----a-w- c:\windows\system32\atiumdag.dll
    2011-03-09 11:18 . 2010-07-07 01:16 258048 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-03-09 11:17 . 2010-05-27 16:24 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-03-09 11:16 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-03-09 11:16 . 2011-03-09 11:16 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-03-09 11:16 . 2011-03-09 11:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-03-09 11:11 . 2010-07-07 01:24 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-03-09 10:42 . 2011-03-09 10:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-03-09 10:34 . 2010-05-27 16:31 3471872 ----a-w- c:\windows\system32\atiumdva.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-03-08 05:28 . 2011-04-12 22:52 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 05:33 . 2011-04-12 22:52 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 03:52 . 2011-04-12 22:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-03 05:38 . 2011-04-12 22:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36 . 2011-04-12 22:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42 . 2011-04-12 22:52 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:38 . 2011-04-12 22:51 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 01:29 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-23 04:48 . 2011-04-12 22:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:48 . 2011-04-12 22:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:47 . 2011-04-12 22:52 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:47 . 2011-04-12 22:52 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:47 . 2011-04-12 22:52 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:47 . 2011-04-12 22:52 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:47 . 2011-04-12 22:52 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-20 1378352]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    R1 eshcygkv;eshcygkv;c:\windows\system32\drivers\eshcygkv.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-19 3595660]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-26 252416]
    R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-20 22504]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-04-19 47120]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-20 3276136]
    S3 ALSysIO;ALSysIO;c:\users\Eddie\AppData\Local\Temp\ALSysIO.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
    S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2005-05-25 4608]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000Core.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000UA.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-22 c:\windows\Tasks\MSIAfterburner.job
    - c:\program files\MSI Afterburner\MSIAfterburner.exe [2011-02-15 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-22 20:58:10
    ComboFix-quarantined-files.txt 2011-05-23 03:58
    ComboFix2.txt 2011-05-23 00:30
    .
    Pre-Run: 810,405,416,960 bytes free
    Post-Run: 810,099,912,704 bytes free
    .
    - - End Of File - - 083A8E1B2C3DE2E211EFE8D2BAFBF6E8
     
  13. 2011/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What exact startup items are you referring to?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Eddie\AppData\Local\Xxeseqonofaj.bin
    c:\windows\system32\drivers\eshcygkv.sys
    
    
    Folder::
    c:\programdata\STOPzilla!
    
    
    Driver::
    eshcygkv
    
    
    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
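    A check a defender can run once ComboFix has finished with the script above. This is an added example, not code from the thread or from ComboFix: the CFScript deletes the HideSCAHealth value (which hides Action Center security-health notifications), and the policies\system block in the ComboFix log earlier in the thread shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which means UAC is effectively switched off; the thread does not say who or what set them that way. The script below reads those values back and reports anything that differs from a stock Windows 7 install (the default values are an assumption of the example and would differ on a domain machine with Group Policy applied). It only reads the registry and changes nothing; run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the thread: audit the UAC policy values and the
# HideSCAHealth value that appear under "Reg Loading Points" in the ComboFix log.
# Read-only. Assumes a stock Windows 7 install with no Group Policy overrides.

$uacPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$scPath  = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Windows 7 defaults for the values the log lists (assumption: stock install).
$uacDefaults = @{
    EnableLUA                  = 1   # 0 in the log: UAC off entirely
    ConsentPromptBehaviorAdmin = 5   # 0 in the log: elevate silently
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1   # 0 in the log: prompts (if any) not on the secure desktop
    EnableUIADesktopToggle     = 0
}

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$findings = @()

foreach ($name in $uacDefaults.Keys) {
    $actual = Get-RegValueOrNull -Path $uacPath -Name $name
    if ($null -eq $actual) { continue }          # absent value: Windows default applies
    if ($actual -ne $uacDefaults[$name]) {
        $findings += "UAC: $name is $actual (Windows 7 default $($uacDefaults[$name]))"
    }
}

# HideSCAHealth=1 under HKEY_USERS\.DEFAULT suppresses Action Center health alerts.
# The CFScript removes it, so after the run it should be absent.
$hide = Get-RegValueOrNull -Path $scPath -Name 'HideSCAHealth'
if ($null -ne $hide) {
    $findings += "HideSCAHealth is still present under HKEY_USERS\.DEFAULT (value $hide)"
}

if ($findings.Count -eq 0) {
    'No deviations from Windows 7 defaults found.'
} else {
    $findings
}
```

    If the UAC values still come back as 0 after the cleanup, that is a setting to restore deliberately (Control Panel, User Account Control, or the policy values above) rather than something ComboFix will change, since the CFScript in this post only touches HideSCAHealth.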
     
  14. 2011/05/22
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    I think I figured out how to add startup programs. There is a folder called Startup where all the files in there are hidden. If I add shortcuts of the startup programs that I want in there, it should work.

    Here is the ComboFix log:

    ComboFix 11-05-21.03 - Eddie 05/22/2011 21:19:39.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3263.1892 [GMT -7:00]
    Running from: c:\users\Eddie\Desktop\ComboFix.exe
    Command switches used :: c:\users\Eddie\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Eddie\AppData\Local\Xxeseqonofaj.bin"
    "c:\windows\system32\drivers\eshcygkv.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\STOPzilla!
    c:\programdata\STOPzilla!\modules_scanned.db
    c:\programdata\STOPzilla!\modules_scanned.db.bak
    c:\programdata\STOPzilla!\scanner.log
    c:\programdata\STOPzilla!\userdata.db
    c:\programdata\STOPzilla!\vdb\vb-000.vdb
    c:\programdata\STOPzilla!\vdb\vb-001.vdb
    c:\programdata\STOPzilla!\vdb\vb-002.vdb
    c:\programdata\STOPzilla!\vdb\vb-003.vdb
    c:\programdata\STOPzilla!\vdb\vb-004.vdb
    c:\programdata\STOPzilla!\vdb\vb-005.vdb
    c:\programdata\STOPzilla!\vdb\vb-006.vdb
    c:\programdata\STOPzilla!\vdb\vb-007.vdb
    c:\programdata\STOPzilla!\vdb\vb-008.vdb
    c:\programdata\STOPzilla!\vdb\vb-009.vdb
    c:\programdata\STOPzilla!\vdb\vb-010.vdb
    c:\programdata\STOPzilla!\vdb\vb-011.vdb
    c:\programdata\STOPzilla!\vdb\vb-012.vdb
    c:\programdata\STOPzilla!\vdb\vb-013.vdb
    c:\programdata\STOPzilla!\vdb\vb-014.vdb
    c:\programdata\STOPzilla!\vdb\vb-015.vdb
    c:\programdata\STOPzilla!\vdb\vb-016.vdb
    c:\programdata\STOPzilla!\vdb\vb-017.vdb
    c:\programdata\STOPzilla!\vdb\vb-018.vdb
    c:\programdata\STOPzilla!\vdb\vb-019.vdb
    c:\programdata\STOPzilla!\vdb\vb-020.vdb
    c:\programdata\STOPzilla!\vdb\vb-021.vdb
    c:\programdata\STOPzilla!\vdb\vb-022.vdb
    c:\programdata\STOPzilla!\vdb\vb-023.vdb
    c:\programdata\STOPzilla!\vdb\vb-024.vdb
    c:\programdata\STOPzilla!\vdb\vb-025.vdb
    c:\programdata\STOPzilla!\vdb\vb-026.vdb
    c:\programdata\STOPzilla!\vdb\vb-027.vdb
    c:\programdata\STOPzilla!\vdb\vb-028.vdb
    c:\programdata\STOPzilla!\vdb\vb-029.vdb
    c:\programdata\STOPzilla!\vdb\vb-030.vdb
    c:\programdata\STOPzilla!\vdb\vb-031.vdb
    c:\programdata\STOPzilla!\vdb\vb-032.vdb
    c:\programdata\STOPzilla!\vdb\vb-033.vdb
    c:\programdata\STOPzilla!\vdb\vb-034.vdb
    c:\programdata\STOPzilla!\vdb\vb-035.vdb
    c:\programdata\STOPzilla!\vdb\vb-036.vdb
    c:\programdata\STOPzilla!\vdb\vb-037.vdb
    c:\programdata\STOPzilla!\vdb\vb-038.vdb
    c:\programdata\STOPzilla!\vdb\vb-039.vdb
    c:\programdata\STOPzilla!\vdb\vb-040.vdb
    c:\programdata\STOPzilla!\vdb\vb-041.vdb
    c:\programdata\STOPzilla!\vdb\vb-042.vdb
    c:\programdata\STOPzilla!\vdb\vb-043.vdb
    c:\programdata\STOPzilla!\vdb\vb-044.vdb
    c:\programdata\STOPzilla!\vdb\vb-045.vdb
    c:\programdata\STOPzilla!\vdb\vb-046.vdb
    c:\programdata\STOPzilla!\vdb\vb-047.vdb
    c:\programdata\STOPzilla!\vdb\vb-048.vdb
    c:\programdata\STOPzilla!\vdb\vb-049.vdb
    c:\programdata\STOPzilla!\vdb\vb-050.vdb
    c:\programdata\STOPzilla!\vdb\vb-051.vdb
    c:\programdata\STOPzilla!\vdb\vb-052.vdb
    c:\programdata\STOPzilla!\vdb\vb-053.vdb
    c:\programdata\STOPzilla!\vdb\vb-054.vdb
    c:\programdata\STOPzilla!\vdb\vb-055.vdb
    c:\programdata\STOPzilla!\vdb\vb-056.vdb
    c:\programdata\STOPzilla!\vdb\vb-057.vdb
    c:\programdata\STOPzilla!\vdb\vb-058.vdb
    c:\programdata\STOPzilla!\vdb\vb-059.vdb
    c:\programdata\STOPzilla!\vdb\vb-060.vdb
    c:\programdata\STOPzilla!\vdb\vb-061.vdb
    c:\programdata\STOPzilla!\vdb\vb-062.vdb
    c:\programdata\STOPzilla!\vdb\vb-063.vdb
    c:\programdata\STOPzilla!\vdb\vb-064.vdb
    c:\programdata\STOPzilla!\vdb\vb-065.vdb
    c:\programdata\STOPzilla!\vdb\vb-066.vdb
    c:\programdata\STOPzilla!\vdb\vb-067.vdb
    c:\programdata\STOPzilla!\vdb\vb-068.vdb
    c:\programdata\STOPzilla!\vdb\vb-069.vdb
    c:\programdata\STOPzilla!\vdb\vb-070.vdb
    c:\programdata\STOPzilla!\vdb\vb-071.vdb
    c:\programdata\STOPzilla!\vdb\vb-072.vdb
    c:\programdata\STOPzilla!\vdb\vb-073.vdb
    c:\programdata\STOPzilla!\vdb\vb-074.vdb
    c:\programdata\STOPzilla!\vdb\vb-075.vdb
    c:\programdata\STOPzilla!\vdb\vb-076.vdb
    c:\programdata\STOPzilla!\vdb\vb-077.vdb
    c:\programdata\STOPzilla!\vdb\vb-078.vdb
    c:\programdata\STOPzilla!\vdb\vb-079.vdb
    c:\programdata\STOPzilla!\vdb\vb-080.vdb
    c:\programdata\STOPzilla!\vdb\vb-081.vdb
    c:\programdata\STOPzilla!\vdb\vb-082.vdb
    c:\programdata\STOPzilla!\vdb\vb-083.vdb
    c:\programdata\STOPzilla!\vdb\vb-084.vdb
    c:\programdata\STOPzilla!\vdb\vb-085.vdb
    c:\programdata\STOPzilla!\vdb\vb-086.vdb
    c:\programdata\STOPzilla!\vdb\vb-087.vdb
    c:\programdata\STOPzilla!\vdb\vb-088.vdb
    c:\programdata\STOPzilla!\vdb\vb-089.vdb
    c:\programdata\STOPzilla!\vdb\vb-090.vdb
    c:\programdata\STOPzilla!\vdb\vb-091.vdb
    c:\programdata\STOPzilla!\vdb\vbcorent.dll
    c:\programdata\STOPzilla!\vdb\vdb.xml
    c:\programdata\STOPzilla!\vdb\xml_edk.log
    c:\programdata\STOPzilla!\zilla5.log
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_eshcygkv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-23 04:35 . 2011-05-23 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-22 22:53 . 2011-05-22 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-22 22:53 . 2011-05-22 23:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Apps
    2011-05-22 08:35 . 2011-05-22 08:35 -------- d-----w- c:\users\Eddie\AppData\Local\Deployment
    2011-05-22 07:25 . 2011-05-22 07:25 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-20 17:47 . 2011-04-19 01:05 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-05-20 17:47 . 2011-04-19 01:05 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-05-20 17:47 . 2011-04-19 01:05 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
    2011-05-20 17:44 . 2011-05-20 17:44 -------- dc----w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\program files\Webroot
    2011-05-20 17:43 . 2011-05-22 22:59 -------- d-----w- c:\programdata\Webroot
    2011-05-20 17:43 . 2011-05-20 17:43 -------- d-----w- c:\users\Eddie\AppData\Local\PackageAware
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-20 04:56 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-20 04:56 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-20 01:23 . 2011-05-20 01:23 0 ----a-w- c:\users\Eddie\AppData\Local\Xxeseqonofaj.bin
    2011-05-20 01:23 . 2011-05-20 01:23 -------- d-----w- c:\users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}
    2011-05-19 17:47 . 2011-05-19 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-17 23:33 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA612A49-ADBF-4E4D-B37A-6DBE2DFDD338}\mpengine.dll
    2011-05-11 03:12 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:12 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:12 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:12 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:12 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:12 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 03:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 03:12 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 00:22 . 2011-05-11 00:22 -------- d-----w- c:\program files\Creative Labs
    2011-05-11 00:22 . 1999-07-06 21:13 40960 ----a-w- c:\windows\system32\eax.dll
    2011-05-11 00:21 . 2011-05-11 00:22 -------- d-----w- c:\program files\EidosNet
    2011-05-11 00:21 . 2011-05-11 00:21 -------- d-----w- c:\program files\Eidos Interactive
    2011-05-11 00:21 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-05-07 01:40 . 2011-05-07 01:40 -------- d-----w- c:\program files\iPod
    2011-05-07 01:40 . 2011-05-07 01:41 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:37 . 2011-05-07 01:37 -------- d-----w- c:\program files\Bonjour
    2011-04-28 06:35 . 2011-04-28 07:48 -------- d-----w- c:\program files\Dyyno
    2011-04-27 00:44 . 2011-04-27 00:45 -------- d-----w- c:\programdata\Skype Extras
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----w- c:\program files\Common Files\Skype
    2011-04-27 00:44 . 2011-04-27 00:44 -------- d-----r- c:\program files\Skype
    2011-04-24 19:29 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-01 05:11 . 2011-04-01 05:11 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2011-04-01 05:09 . 2011-04-01 05:09 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-04-01 05:08 . 2011-04-01 05:08 195168 ----a-w- c:\windows\system32\lvci13251014.dll
    2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg
    2011-03-11 05:33 . 2011-04-12 22:52 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33 . 2011-04-12 22:52 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-09 16:21 . 2011-03-09 16:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-03-09 12:19 . 2011-03-09 12:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
    2011-03-09 11:57 . 2011-03-09 11:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-03-09 11:56 . 2010-05-27 17:02 679424 ----a-w- c:\windows\system32\aticfx32.dll
    2011-03-09 11:53 . 2011-03-09 11:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-03-09 11:53 . 2011-01-27 06:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-03-09 11:52 . 2011-01-27 06:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-03-09 11:51 . 2011-03-09 11:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-03-09 11:51 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-03-09 11:51 . 2011-03-09 11:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-03-09 11:51 . 2011-03-09 11:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-03-09 11:48 . 2010-05-27 16:54 4277760 ----a-w- c:\windows\system32\atidxx32.dll
    2011-03-09 11:34 . 2011-03-09 11:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-03-09 11:34 . 2011-03-09 11:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-03-09 11:32 . 2011-03-09 11:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
    2011-03-09 11:30 . 2010-05-27 16:37 4294656 ----a-w- c:\windows\system32\atiumdag.dll
    2011-03-09 11:18 . 2010-07-07 01:16 258048 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-03-09 11:17 . 2011-03-09 11:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-03-09 11:17 . 2010-05-27 16:24 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-03-09 11:16 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-03-09 11:16 . 2011-03-09 11:16 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-03-09 11:16 . 2011-03-09 11:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-03-09 11:11 . 2010-07-07 01:24 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-03-09 10:42 . 2011-03-09 10:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-03-09 10:34 . 2010-05-27 16:31 3471872 ----a-w- c:\windows\system32\atiumdva.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-03-09 10:18 . 2011-03-09 10:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-03-08 05:28 . 2011-04-12 22:52 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-07 05:33 . 2011-04-12 22:52 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-03-07 03:52 . 2011-04-12 22:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-03 05:38 . 2011-04-12 22:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36 . 2011-04-12 22:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42 . 2011-04-12 22:52 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:38 . 2011-04-12 22:51 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 01:29 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-23 04:48 . 2011-04-12 22:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:48 . 2011-04-12 22:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:47 . 2011-04-12 22:52 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:47 . 2011-04-12 22:52 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:47 . 2011-04-12 22:52 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:47 . 2011-04-12 22:52 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:47 . 2011-04-12 22:52 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-20 1378352]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-19 3595660]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-26 252416]
    R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-20 22504]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-04-19 47120]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-20 3276136]
    S3 ALSysIO;ALSysIO;c:\users\Eddie\AppData\Local\Temp\ALSysIO.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
    S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2005-05-25 4608]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000Core.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000UA.job
    - c:\users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:35]
    .
    2011-05-22 c:\windows\Tasks\MSIAfterburner.job
    - c:\program files\MSI Afterburner\MSIAfterburner.exe [2011-02-15 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:16,94,d9,14,f1,ac,0f,b4,fb,fb,47,a3,db,f3,96,fc,ff,32,c2,28,b5,
    23,c0,fe,03,d3,80,df,d6,9d,1f,1e,20,7c,2b,1f,bb,77,91,98,63,c2,ce,22,98,ca,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Core Temp\Core Temp.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\ico.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-22 21:44:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-23 04:44
    ComboFix2.txt 2011-05-23 03:58
    ComboFix3.txt 2011-05-23 00:30
    .
    Pre-Run: 810,194,210,816 bytes free
    Post-Run: 810,151,272,448 bytes free
    .
    - - End Of File - - A6BE92A24C54811CC6F4123C71BDECAD
     
  15. 2011/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Update me on any current issues.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
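    The custom scan list above makes OTL enumerate the places where droppers and rootkit loaders tend to hide (executables in Fonts, system32 look-alike folders, GUID folders under AppData, the Windows Update policy keys), and the analyst then reads the resulting OTL.txt for entries whose file is gone, whose version info carries no company name, or whose location makes no sense. The script below is an added example for this thread, not code from OTL or from anyone posting here: it parses the PRC/SRV/DRV entries and a handful of O-lines in the format OTL writes (the log posted in the next reply has the real thing) and applies those reading rules automatically. The rules, the severity wording and the helper names are this example's own assumptions; SAMPLE_LOG mixes lines copied from the thread with one constructed line, marked as such.

```python
"""Triage helper for OTL log lines (added example, not part of OTL or of this thread)."""
import re

# Assumed heuristics: user-writable roots and GUID folders under AppData\Local
USER_WRITABLE = re.compile(r"\\(users|documents and settings|programdata|temp)\\", re.I)
APPDATA_GUID = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]+\}", re.I)
# OTL separates fields with " -- "; a missing file shows up as "-- -- (name)",
# which str.split would not handle, hence the lookahead split.
SEP = re.compile(r" --(?= |$)")


def parse_entry(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict; return None for any other line."""
    kind, sep, rest = line.strip().partition(" - ")
    if not sep or kind not in ("PRC", "MOD", "SRV", "DRV"):
        return None
    parts = [p.strip() for p in SEP.split(rest)]
    head = parts[0]
    entry = {
        "kind": kind,
        "missing": head.startswith("File not found"),
        "company": "",
        "state": "",
        "path": parts[1] if len(parts) > 1 else "",
        "name": parts[2].strip("() ") if len(parts) > 2 else "",
    }
    # SRV/DRV heads end with a "[Auto | Running]" style state block.
    if head.endswith("]") and " [" in head:
        head, _, state = head.rpartition(" [")
        entry["state"] = state[:-1]
    if not entry["missing"]:
        # head is now "[timestamp | size | attrs | M] (Company)"; the company text
        # may itself contain parentheses, e.g. "(Webroot Software, Inc. (www.webroot.com))".
        after_stamp = head[head.index("]") + 1:].strip()
        entry["company"] = after_stamp[1:-1].strip() if after_stamp.startswith("(") else after_stamp
    return entry


def flag_o_line(line):
    """Return a reason string for an O-line or FF-line worth a second look, else None."""
    s = line.strip()
    if s.startswith("O30 - LSA:") and s.endswith("File not found"):
        return "LSA Security Packages entry with no file behind it"
    if s.startswith("O6 ") and s.endswith("EnableLUA = 0"):
        return "UAC disabled (EnableLUA = 0)"
    if s.startswith("O20 - HKLM Winlogon: Shell") and "explorer.exe" not in s.lower():
        return "Winlogon shell is not explorer.exe"
    if s.startswith("O4 ") and USER_WRITABLE.search(s):
        return "autorun launched from a user-writable folder"
    if s.startswith("O1 - Hosts:") and "127.0.0.1 localhost" not in s and "::1" not in s:
        return "non-default hosts entry"
    if s.startswith("FF - HKLM") and APPDATA_GUID.search(s):
        return "machine-wide Firefox extension registered from a GUID folder in AppData\\Local"
    return None


def triage(lines):
    """Return [(reason, line), ...] for the lines an analyst should read first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            if entry["missing"]:
                findings.append((entry["kind"] + " entry whose file is missing on disk", line))
            elif not entry["company"]:
                findings.append((entry["kind"] + " file has no company name; verify by hash", line))
            continue
        reason = flag_o_line(line)
        if reason:
            findings.append((reason, line))
    return findings


SAMPLE_LOG = [
    # lines copied from the OTL log posted later in this thread
    r"PRC - [2011/05/22 21:57:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe",
    r"PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE",
    r"SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)",
    r"DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)",
    r"DRV - [2010/03/27 20:12:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)",
    r"FF - HKLM\software\mozilla\Firefox\Extensions\\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}: C:\Users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59} [2011/05/19 18:23:40 | 000,000,000 | ---D | M]",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O30 - LSA: Security Packages - (ce) - File not found",
    # constructed line (not from the thread) to exercise the autorun rule
    r"O4 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000..\Run: [update] C:\Users\Eddie\AppData\Local\Temp\upd.exe ()",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("[!] %s\n    %s" % (reason, line))
```

A flagged line is a lead, not a verdict: sptd.sys (Daemon Tools) and the MSI Afterburner driver legitimately ship without a company string, and the O30 entries on Windows 7 often read back as garbage from the Security Packages value, so each hit still needs the file hashed or the key inspected before anything is removed.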
  16. 2011/05/23
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    Which antivirus would you recommend I keep: Webroot Antivirus with Spy Sweeper, or ESET NOD32 Antivirus?

    OTL:


    OTL logfile created on: 5/22/2011 10:00:00 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eddie\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.19 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 65.36% Memory free
    6.37 Gb Paging File | 5.14 Gb Available in Paging File | 80.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397.26 Gb Total Space | 754.79 Gb Free Space | 54.02% Space Free | Partition Type: NTFS

    Computer Name: EDDIE-PC | User Name: Eddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/22 21:57:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    PRC - [2011/05/20 10:44:05 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    PRC - [2011/05/20 10:44:03 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
    PRC - [2011/04/18 18:04:44 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
    PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/03/09 04:53:20 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/15 04:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/03 02:13:42 | 000,470,544 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
    PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/07/28 18:23:14 | 001,493,608 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
    PRC - [2009/07/21 09:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2004/07/14 15:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
    PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/05/22 21:57:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/20 10:44:03 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/03/26 23:28:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/26 17:33:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/01/19 12:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
    DRV - [2011/04/18 18:05:08 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2011/04/18 18:05:06 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2011/04/18 18:05:04 | 000,047,120 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
    DRV - [2011/03/31 22:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
    DRV - [2011/03/31 22:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/03/09 04:17:26 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/01/19 18:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/05/06 02:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010/03/27 20:12:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/11/04 02:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/06/17 09:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
    DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
    DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
    DRV - [2005/05/24 20:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
    DRV - [2004/05/20 14:00:00 | 000,381,248 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PRISMA02.sys -- (PRISM_A02)
    DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 4A 33 10 31 15 CC 01 [binary data]
    IE - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}: C:\Users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59} [2011/05/19 18:23:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/26 07:01:37 | 000,000,000 | ---D | M]

    [2011/05/22 01:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\3ypj7frj.default\extensions
    [2011/05/22 01:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\3ypj7frj.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2011/05/22 01:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\3ypj7frj.default\extensions\foxmarks@kei.com
    [2011/05/22 01:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/01 03:41:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/28 18:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/18 02:03:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/16 11:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/05/22 21:37:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O30 - LSA: Security Packages - (ce) - File not found
    O30 - LSA: Security Packages - (V1) - File not found
    O30 - LSA: Security Packages - (㺫ᦼ晏楦散㈱) - File not found
    O30 - LSA: Security Packages - (>뻯㱻㈏㺫ᦼ*) - File not found
    O30 - LSA: Security Packages - (쎒) - File not found
    O30 - LSA: Security Packages - () - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.RTV1 - C:\Windows\System32\rtvcvfw32.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/22 21:57:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    [2011/05/22 21:37:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/05/22 21:35:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/22 21:16:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/22 20:27:44 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
    [2011/05/22 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\tdsskiller
    [2011/05/22 18:29:54 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\dds.scr
    [2011/05/22 15:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/22 15:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/22 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/22 15:48:30 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\backups
    [2011/05/22 15:45:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Eddie\Desktop\HijackThis.exe
    [2011/05/22 02:09:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/22 02:09:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/22 02:09:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/22 02:09:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/22 02:08:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/22 01:37:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/05/22 01:35:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\Apps
    [2011/05/22 01:35:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\Deployment
    [2011/05/22 00:25:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
    [2011/05/20 10:47:28 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssidrv.sys
    [2011/05/20 10:47:28 | 000,047,120 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssfmonm.sys
    [2011/05/20 10:47:28 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\sshrmd.sys
    [2011/05/20 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
    [2011/05/20 10:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
    [2011/05/20 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
    [2011/05/20 10:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
    [2011/05/20 10:43:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\PackageAware
    [2011/05/20 10:41:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\Webroot Spy Sweeper + serial for 2020 days!
    [2011/05/19 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
    [2011/05/19 21:56:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/19 21:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/19 21:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/19 21:56:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/19 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/19 18:23:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C3D1E3D5-65A5-4DEA-AF62-8AFD1603BD59}
    [2011/05/14 15:13:34 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\Drive.Angry.DVDRip.XviD-DEFACED
    [2011/05/12 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\Grey's Anatomy Season 7
    [2011/05/10 17:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Labs
    [2011/05/10 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
    [2011/05/10 17:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\EidosNet
    [2011/05/10 17:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
    [2011/05/06 18:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/05/06 18:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/05/06 18:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/05/06 18:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/05/02 03:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/05/01 16:54:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\13.Assassins.2010.RERip.XviD.AC3-ViSiON
    [2011/04/27 23:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Dyyno
    [2011/04/26 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\pd-0.43-0.msw
    [2011/04/26 17:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
    [2011/04/26 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/04/26 17:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/04/26 17:44:13 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/22 22:01:12 | 000,017,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/22 22:01:12 | 000,017,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/22 21:57:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    [2011/05/22 21:56:17 | 000,001,506 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RtHDVBg - Shortcut.lnk
    [2011/05/22 21:53:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/22 21:53:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2011/05/22 21:53:44 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/22 21:49:29 | 000,001,506 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII - Shortcut.lnk
    [2011/05/22 21:48:51 | 000,001,489 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\egui - Shortcut.lnk
    [2011/05/22 21:41:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000UA.job
    [2011/05/22 21:37:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/22 20:35:41 | 000,677,980 | ---- | M] () -- C:\Users\Eddie\Desktop\Antivirus disable.jpg
    [2011/05/22 20:30:06 | 004,352,705 | R--- | M] () -- C:\Users\Eddie\Desktop\ComboFix.exe
    [2011/05/22 20:29:35 | 000,000,512 | ---- | M] () -- C:\Users\Eddie\Desktop\MBR.dat
    [2011/05/22 20:27:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
    [2011/05/22 20:14:06 | 000,075,264 | ---- | M] () -- C:\Users\Eddie\Desktop\SystemLook.exe
    [2011/05/22 19:23:20 | 001,280,208 | ---- | M] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
    [2011/05/22 18:29:58 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\dds.scr
    [2011/05/22 18:29:16 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
    [2011/05/22 18:00:10 | 000,302,080 | ---- | M] () -- C:\Users\Eddie\Desktop\8wd4j15w.exe
    [2011/05/22 15:45:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Eddie\Desktop\HijackThis.exe
    [2011/05/22 03:38:18 | 000,673,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/22 03:38:18 | 000,124,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/22 03:01:05 | 448,453,849 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/22 02:36:06 | 000,000,735 | ---- | M] () -- C:\Users\Eddie\Desktop\ComboFix - Shortcut.lnk
    [2011/05/22 01:41:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000Core.job
    [2011/05/21 21:41:11 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\MSIAfterburner.job
    [2011/05/20 10:47:57 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110522-160239.backup
    [2011/05/20 10:44:14 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
    [2011/05/20 10:43:15 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
    [2011/05/20 10:30:41 | 000,007,088 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/20 00:07:15 | 000,606,104 | ---- | M] () -- C:\Users\Eddie\Desktop\unhide.exe
    [2011/05/19 23:47:42 | 000,012,340 | -HS- | M] () -- C:\Users\Eddie\AppData\Local\3wi85bql8bp08d3y5
    [2011/05/19 23:47:42 | 000,012,340 | -HS- | M] () -- C:\ProgramData\3wi85bql8bp08d3y5
    [2011/05/19 21:56:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/19 21:47:14 | 000,000,120 | ---- | M] () -- C:\Users\Eddie\AppData\Local\Nlumesum.dat
    [2011/05/19 18:23:41 | 000,000,000 | ---- | M] () -- C:\Users\Eddie\AppData\Local\Xxeseqonofaj.bin
    [2011/05/18 00:19:54 | 000,000,233 | ---- | M] () -- C:\Users\Eddie\.jupload.properties
    [2011/04/26 20:59:49 | 000,000,739 | ---- | M] () -- C:\Users\Eddie\Desktop\pd - Shortcut.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/22 21:56:17 | 000,001,506 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RtHDVBg - Shortcut.lnk
    [2011/05/22 21:49:29 | 000,001,506 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII - Shortcut.lnk
    [2011/05/22 21:48:50 | 000,001,489 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\egui - Shortcut.lnk
    [2011/05/22 20:35:41 | 000,677,980 | ---- | C] () -- C:\Users\Eddie\Desktop\Antivirus disable.jpg
    [2011/05/22 20:29:46 | 004,352,705 | R--- | C] () -- C:\Users\Eddie\Desktop\ComboFix.exe
    [2011/05/22 20:29:35 | 000,000,512 | ---- | C] () -- C:\Users\Eddie\Desktop\MBR.dat
    [2011/05/22 20:14:04 | 000,075,264 | ---- | C] () -- C:\Users\Eddie\Desktop\SystemLook.exe
    [2011/05/22 19:22:54 | 001,280,208 | ---- | C] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
    [2011/05/22 18:29:15 | 000,080,384 | ---- | C] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
    [2011/05/22 18:00:06 | 000,302,080 | ---- | C] () -- C:\Users\Eddie\Desktop\8wd4j15w.exe
    [2011/05/22 02:36:06 | 000,000,735 | ---- | C] () -- C:\Users\Eddie\Desktop\ComboFix - Shortcut.lnk
    [2011/05/22 02:34:30 | 448,453,849 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/22 02:09:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/22 02:09:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/22 02:09:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/22 02:09:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/22 02:09:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/22 01:36:10 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000UA.job
    [2011/05/22 01:36:05 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275705012-1076300711-2835624944-1000Core.job
    [2011/05/21 21:41:11 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\MSIAfterburner.job
    [2011/05/20 10:47:29 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
    [2011/05/20 10:47:29 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
    [2011/05/20 10:44:14 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
    [2011/05/20 10:43:15 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
    [2011/05/20 03:30:15 | 000,007,088 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/20 00:07:12 | 000,606,104 | ---- | C] () -- C:\Users\Eddie\Desktop\unhide.exe
    [2011/05/19 21:56:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/19 18:59:22 | 000,012,340 | -HS- | C] () -- C:\Users\Eddie\AppData\Local\3wi85bql8bp08d3y5
    [2011/05/19 18:50:00 | 000,012,340 | -HS- | C] () -- C:\ProgramData\3wi85bql8bp08d3y5
    [2011/05/19 18:23:41 | 000,000,120 | ---- | C] () -- C:\Users\Eddie\AppData\Local\Nlumesum.dat
    [2011/05/19 18:23:41 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Local\Xxeseqonofaj.bin
    [2011/05/18 00:19:06 | 000,000,233 | ---- | C] () -- C:\Users\Eddie\.jupload.properties
    [2011/04/26 20:59:49 | 000,000,739 | ---- | C] () -- C:\Users\Eddie\Desktop\pd - Shortcut.lnk
    [2011/03/31 22:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/03/31 22:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/03/31 22:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/03/31 21:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/03/10 22:56:05 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
    [2011/03/09 04:16:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/02/23 18:20:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/02/23 18:18:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/02/01 22:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/13 03:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/09/26 22:18:22 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/23 04:32:23 | 000,000,565 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\MPQEditor.ini
    [2010/05/31 18:25:59 | 000,000,886 | ---- | C] () -- C:\Program Files\InstallRecord.blob
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/04/25 17:16:55 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2010/04/25 17:16:55 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2010/04/25 17:16:55 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2010/04/25 17:16:55 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2010/04/25 17:16:55 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2010/04/25 17:16:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2010/03/31 23:25:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
    [2010/03/31 23:25:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
    [2010/03/27 00:46:48 | 000,007,602 | ---- | C] () -- C:\Users\Eddie\AppData\Local\Resmon.ResmonCfg
    [2010/03/27 00:26:44 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/03/26 07:00:51 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/03/26 07:00:51 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/03/26 06:56:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/03/26 04:50:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:33:53 | 002,345,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 19:05:48 | 000,673,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 19:05:48 | 000,124,802 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/03/26 23:15:19 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\DAEMON Tools Lite
    [2010/04/16 02:06:47 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\FOG Downloader
    [2010/04/14 01:41:35 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\ijjigame
    [2010/03/26 05:59:46 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\ImgBurn
    [2011/04/01 19:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Leadertech
    [2011/03/10 14:02:10 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\RIFT
    [2011/05/22 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\uTorrent
    [2011/05/21 21:41:11 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\MSIAfterburner.job
    [2011/05/21 21:17:56 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/31 02:30:46 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2010/03/26 05:48:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/22 21:44:58 | 000,023,150 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/09/03 02:08:16 | 000,000,069 | ---- | M] () -- C:\DozoTrainer.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/03/26 05:50:31 | 000,203,836 | RHS- | M] () -- C:\grldr
    [2011/05/22 21:53:44 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/01/12 22:31:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/12 22:31:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/22 21:53:44 | 3421,822,976 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/19 21:53:34 | 000,000,495 | ---- | M] () -- C:\rkill.log
    [2011/05/22 19:39:52 | 000,071,486 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_19.38.49_log.txt
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/03/26 05:50:31 | 000,000,000 | RHS- | M] () -- C:\winx.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 18:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 05:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2010/05/31 18:29:23 | 000,000,886 | ---- | M] () -- C:\Program Files\InstallRecord.blob

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/26 05:02:20 | 000,000,221 | -HS- | M] () -- C:\Users\Eddie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/22 18:00:10 | 000,302,080 | ---- | M] () -- C:\Users\Eddie\Desktop\8wd4j15w.exe
    [2011/05/22 20:27:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
    [2011/05/22 20:30:06 | 004,352,705 | R--- | M] () -- C:\Users\Eddie\Desktop\ComboFix.exe
    [2011/05/22 15:45:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Eddie\Desktop\HijackThis.exe
    [2011/05/22 18:29:16 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
    [2011/05/21 16:41:04 | 067,579,280 | ---- | M] (Microsoft Corporation) -- C:\Users\Eddie\Desktop\msert.exe
    [2011/05/22 21:57:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    [2011/05/22 20:14:06 | 000,075,264 | ---- | M] () -- C:\Users\Eddie\Desktop\SystemLook.exe
    [2011/05/20 00:07:15 | 000,606,104 | ---- | M] () -- C:\Users\Eddie\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/23 20:55:14 | 000,000,402 | -HS- | M] () -- C:\Users\Eddie\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/19 23:47:42 | 000,012,340 | -HS- | M] () -- C:\ProgramData\3wi85bql8bp08d3y5

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D06A4C76

    < End of report >
     
  17. 2011/05/23
    yugao Inactive Thread Starter
    Extras:


    OTL Extras logfile created on: 5/22/2011 10:00:00 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eddie\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.19 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 65.36% Memory free
    6.37 Gb Paging File | 5.14 Gb Available in Paging File | 80.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397.26 Gb Total Space | 754.79 Gb Free Space | 54.02% Space Free | Partition Type: NTFS

    Computer Name: EDDIE-PC | User Name: Eddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
    "{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{39DB116F-E088-486F-B13C-8925ECE7A6E5}" = 3D Sound Back Beta0.1
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
    "{71D5559C-85E5-5206-3B1C-A8A9DDDE4AC9}" = AMD Drag and Drop Transcoding
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_944" = Adobe Acrobat 9.4.4 - CPSID_83708
    "{ACFB6965-D714-3786-6B50-58E21223CB96}" = ATI AVIVO Codecs
    "{AD33AF2C-6485-4106-B012-1D9CDC88A454}" = MySQL Server 5.1
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F17BDA6E-D4B2-4CBE-B138-1CE3C8068525}" = Aion
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Afterburner" = MSI Afterburner 2.1.0
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ImgBurn" = ImgBurn
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "LogonStudio Vista" = LogonStudio Vista
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "MatlabR2010b" = MATLAB R2010b
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "MouseSuite98" = Mouse Suite
    "nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
    "nbi-tomcat-6.0.20.0.0" = Apache Tomcat 6.0.20
    "Office14.STANDARDR" = Microsoft Office Standard 2010
    "Postal 2_is1" = Portal 2
    "StarCraft II" = StarCraft II
    "uTorrent" = µTorrent
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.1.9
    "Webroot Software" = Webroot Software
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4275705012-1076300711-2835624944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  18. 2011/05/23
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    There is also this issue.

When I try to start Windows Defender an error msg pops up: "The specified service does not exist as an installed service. (Error Code: 0x80070424)."
     
  19. 2011/05/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'd probably prefer Eset, but in any case, you have to uninstall one of them now.
    You can't be running two AV programs.

    You didn't say what the current issues are.
    I'd like to know before I review your OTL logs.
     
  20. 2011/05/23
    yugao

    yugao Inactive Thread Starter

    Joined:
    2011/05/22
    Messages:
    20
    Likes Received:
    0
    Ok I uninstalled Webroot AV.

The only issue left is when I try to start Windows Defender an error msg pops up: "The specified service does not exist as an installed service. (Error Code: 0x80070424)."

    I believe everything else is working as expected.

    Thanks!
     
  21. 2011/05/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    I wouldn't worry about Windows Defender a bit.
It's a totally worthless program and you'd do better by disabling it altogether.

    Now, it's my bed time, so I'll take a look at your OTL logs tomorrow after work, but you should be in pretty good shape by now.

    Good Night :)
     
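A diagnostic for the two symptoms in this thread (Windows Defender failing with 0x80070424 and OTL's "Error reading Event Logs"), added here as an example and not something posted by either participant. It assumes Windows 7 with an elevated PowerShell session; the service names checked are real Windows services, chosen because they are the ones the symptoms point at.

```powershell
# Added check, not part of the thread: verifies whether the services behind
# the two reported symptoms are still registered, and lists the antivirus
# products Security Center knows about so a second AV is not overlooked.
# Assumes Windows 7 and an elevated PowerShell 2.0 or later session.

function Test-ServiceRegistration {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if ($null -eq $wmi) {
            if (Test-Path $key) {
                # Key exists but the Service Control Manager does not know it:
                # a damaged or partially removed registration.
                "$name : registry key present but not registered with SCM"
            } else {
                # This is exactly the condition behind error 0x80070424
                # ("The specified service does not exist as an installed service").
                "$name : MISSING - no key under CurrentControlSet\Services"
            }
        } else {
            "{0} : state={1} startmode={2} path={3}" -f `
                $name, $wmi.State, $wmi.StartMode, $wmi.PathName
        }
    }
}

function Get-RegisteredAntivirus {
    # Windows 7 exposes registered AV products through Security Center;
    # more than one entry here is the "two AV programs" situation above.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        Select-Object displayName, productState
}

# WinDefend = Windows Defender, EventLog = Windows Event Log (the service OTL
# could not read), MpsSvc = Windows Firewall, wuauserv = Windows Update.
Test-ServiceRegistration -Names 'WinDefend', 'EventLog', 'MpsSvc', 'wuauserv'
Get-RegisteredAntivirus
```

A service reported as MISSING cannot be started by any means until its registration is restored; a service present but with state Stopped and startmode Disabled only needs to be re-enabled.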
