Trojan:Win32/Alureon.EP removal help please



Post by Cheungman on Fri May 20, 2011 6:37 pm

Hi, this virus became known to me yesterday, and in Microsoft Security Essentials it says in the history that it was allowed. Now when I'm running the scans they pick up other trojans but not this one. I followed another thread on this exact problem, but I wanted help straight from someone. I'll post the OTL logs. Also, at the same time my Catalyst Control Center's host application won't work. I don't know if it's correlated or not, but it happened on the same day as the virus infection.

Thanks in advance.


Last edited by Cheungman on Fri May 20, 2011 6:39 pm; edited 1 time in total


Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Fri May 20, 2011 6:38 pm

OTL logfile created on: 5/20/2011 2:33:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ron\Desktop\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 358.94 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 14:32:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\Downloads\OTL.exe
PRC - [2011/05/06 13:15:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/06 19:50:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 14:32:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 22:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/19 22:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/30 22:47:51 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/06 19:50:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/10 20:42:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 21:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/25 18:36:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/09 06:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/20 23:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/28 03:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/16 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/07 16:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/08/16 13:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.53.2


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/06 13:15:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 13:15:11 | 000,000,000 | ---D | M]

[2010/07/20 15:12:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Extensions
[2011/05/20 01:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\extensions
[2011/05/20 01:30:38 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/05/20 01:30:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/20 01:30:38 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\extensions\battlefieldplay4free@ea.com
[2010/11/12 11:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/16 12:21:12 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/22 10:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/22 20:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 11:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/06 13:15:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
[2011/05/06 13:15:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 22:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 18:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1af1d8e9-9849-11df-a487-485b3939b2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{1af1d8e9-9849-11df-a487-485b3939b2e2}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{20e8cf19-e119-11df-9c00-485b3939b2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{20e8cf19-e119-11df-9c00-485b3939b2e2}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{afc10d60-6b8f-11df-82c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{afc10d60-6b8f-11df-82c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 22:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{f4c42235-a67f-11df-857d-485b3939b2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{f4c42235-a67f-11df-857d-485b3939b2e2}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 11:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/20 10:58:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/20 10:58:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/20 10:58:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/20 10:58:29 | 000,000,000 | --SD | C] -- C:\commy
[2011/05/20 10:58:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/20 10:58:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 10:57:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/20 10:57:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/20 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Malwarebytes
[2011/05/20 08:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/20 08:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 08:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/20 08:40:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/20 08:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/20 01:15:45 | 000,000,000 | -H-D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/14 01:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/14 01:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/05/14 01:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/05/11 13:46:28 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 13:46:27 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 13:46:27 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/04/30 03:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/04/22 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 11:22:59 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 11:22:59 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 11:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/20 11:03:38 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/20 08:40:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 01:18:05 | 000,000,392 | ---- | M] () -- C:\ProgramData\37412600
[2011/05/20 01:15:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~37412600r
[2011/05/20 01:15:52 | 000,000,112 | ---- | M] () -- C:\ProgramData\~37412600
[2011/05/14 12:18:15 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/14 12:18:15 | 000,617,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/14 12:18:15 | 000,104,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/06 13:15:30 | 000,002,056 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/22 19:09:53 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 10:58:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/20 10:58:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/20 10:58:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/20 10:58:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/20 10:58:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/20 08:40:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 01:15:52 | 000,000,136 | ---- | C] () -- C:\ProgramData\~37412600r
[2011/05/20 01:15:52 | 000,000,112 | ---- | C] () -- C:\ProgramData\~37412600
[2011/05/20 01:15:36 | 000,000,392 | ---- | C] () -- C:\ProgramData\37412600
[2011/05/06 13:15:12 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/06 19:50:28 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/06 19:50:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/25 15:55:39 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/16 12:23:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/22 10:41:30 | 000,000,000 | -H-- | C] () -- C:\Users\Ron\AppData\Local\prvlcl.dat
[2010/07/20 16:50:35 | 000,037,796 | ---- | C] () -- C:\Windows\scunin.dat
[2010/05/29 22:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/29 22:14:54 | 000,034,820 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/05/29 22:13:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/29 22:13:54 | 000,028,386 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/03 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >




OTL Extras logfile created on: 5/20/2011 2:33:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ron\Desktop\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 358.94 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ABF311C-6AA8-B234-196A-6DEE5A43E34A}" = ccc-utility64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4044201A-8576-2999-1166-96C5593F3CFF}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AD569236-7D43-BB31-BC99-E51E2DD85328}" = AMD Fuel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{D87047B9-BBC5-9941-00B4-719B9E56CACC}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F757A09E-71FB-B75D-20B1-B3E27CD8DEA1}" = WMV9/VC-1 Video Playback
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28FA3609-B6E2-4BCA-B089-F5122AC417C5}" = Belkin N Wireless USB Adapter Setup
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{418D5410-7A7B-315F-0CF9-A76BC6C131DC}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{6201BACA-81B5-8AB0-3B93-0F76BB6F4389}" = CCC Help English
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{720E93BE-744E-225B-786F-227C2677352F}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBB7F293-12A9-821C-9409-013CD8E824EC}" = Application Profiles
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E975F19C-C852-5DF8-BC76-E88359CB82DF}" = AMD VISION Engine Control Center
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Applian FLV Player2.0.25" = Applian FLV Player
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BitLord" = BitLord 1.1
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DjVuLibre+DjView" = DjVuLibre+DjView
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 9.9" = FL Studio 9.9
"GoldWave v5.55" = GoldWave v5.55
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 20" = Team Fortress Classic
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 34330" = Total War: SHOGUN 2
"VLC media player" = VLC media player 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

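
Added example (not part of the thread or of OTL): a small Python triage script that parses the registry sections OTL printed in the log above, Security Center, System Restore and Firewall Settings, and flags the values a helper reads first. The sample text embedded in the script is a constructed copy of the values in that log; the registry paths and OTL line formats (the "==========" section headers, the "64bit:" prefix OTL uses for keys read from the 64-bit registry view, and the "name" = value lines) are taken from it. A flag is a point to verify, not proof of tampering: EnableFirewall = 0 on the Standard and Public profiles can be a user's or a third-party firewall's doing as easily as malware's.

```python
"""Triage the registry-settings sections of an OTL log.

Added example for the thread above; not part of OTL.  OTL prints
each section under a '==========' header, each registry key in
[brackets] (prefixed "64bit: " when read from the 64-bit registry
view) and each value as "name" = value.  parse_otl_settings() turns
that into nested dicts; triage() flags the settings a responder
checks first.
"""
import re
from typing import Dict, List, Tuple

# Constructed copy of the values posted in the thread (not read from a live system).
SAMPLE_OTL = r"""
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^(64bit: )?\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*?)\s*(?:\[binary data\])?$')

Settings = Dict[str, Dict[str, Dict[str, str]]]


def parse_otl_settings(text: str) -> Settings:
    """Return {section: {registry key: {value name: value}}}."""
    parsed: Settings = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            parsed.setdefault(section, {})
            continue
        if section is None:
            continue
        m = KEY_RE.match(line)
        if m:
            # Keep the view prefix so the 64-bit and 32-bit copies of a key stay distinct.
            key = (m.group(1) or "") + m.group(2)
            parsed[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            parsed[section][key][m.group(1)] = m.group(2)
    return parsed


def triage(parsed: Settings) -> List[Tuple[str, str]]:
    """Return (what, why) pairs for settings that weaken the host's defences."""
    findings: List[Tuple[str, str]] = []
    for key, values in parsed.get("Firewall Settings", {}).items():
        profile = key.rsplit("\\", 1)[-1]   # DomainProfile / StandardProfile / PublicProfile
        if values.get("EnableFirewall") == "0":
            findings.append((profile, "EnableFirewall = 0: Windows Firewall is disabled for this profile"))
        if values.get("DisableNotifications") == "1":
            findings.append((profile, "DisableNotifications = 1: firewall alerts are suppressed"))
    for values in parsed.get("Security Center Settings", {}).values():
        for name, value in values.items():
            if name.endswith("Override") and value != "0":
                findings.append((name, f"{name} = {value}: Security Center status monitoring is overridden"))
    for values in parsed.get("System Restore Settings", {}).values():
        if values.get("DisableSR") == "1":
            findings.append(("DisableSR", "DisableSR = 1: System Restore is disabled"))
    return findings


if __name__ == "__main__":
    for what, why in triage(parse_otl_settings(SAMPLE_OTL)):
        print(f"{what}: {why}")
```

Run as-is it reports the two disabled profiles; fed the whole OTL log, `parse_otl_settings()` still parses every section it meets and `triage()` simply ignores the ones it has no rule for.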

Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Sun May 22, 2011 5:30 am

Bump, please, I'd like some help.


Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Wed May 25, 2011 1:33 am

Could someone please help, I need to be able to secure my pc and I can't do it myself.


Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Fri May 27, 2011 3:52 pm

bump


Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Mon May 30, 2011 8:10 pm

Hello.
Did you run aswMBR?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1

Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Wed Jun 01, 2011 4:17 pm

No I haven't, I will try to find it.


Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Wed Jun 01, 2011 10:27 pm

Please download aswMBR from [You must be registered and logged in to see this link.]

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]

  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Sun Jun 05, 2011 2:59 am

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-04 22:58:41
-----------------------------
22:58:41.992 OS Version: Windows x64 6.1.7600
22:58:41.992 Number of processors: 2 586 0x602
22:58:41.992 ComputerName: RON-PC UserName: Ron
22:58:43.458 Initialize success
22:58:44.784 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:58:44.784 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA39C Size: 476940MB BusType: 3
22:58:46.797 Disk 0 MBR read successfully
22:58:46.797 Disk 0 MBR scan
22:58:46.797 Disk 0 Windows 7 default MBR code
22:58:46.812 Service scanning
22:58:47.779 Disk 0 trace - called modules:
22:58:47.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046b22c0]<<
22:58:47.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049a0060]
22:58:47.842 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> [0xfffffa8004936e40]
22:58:47.857 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004919060]
22:58:47.857 \Driver\atapi[0xfffffa8004745850] -> IRP_MJ_CREATE -> 0xfffffa80046b22c0
22:58:47.873 Scan finished successfully
22:58:58.497 Disk 0 MBR has been saved successfully to "C:\Users\Ron\Desktop\MBR.dat"
22:58:58.528 The log file has been saved successfully to "C:\Users\Ron\Desktop\aswMBR.txt"



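
Added example (not part of the thread or of aswMBR): a Python parser for the disk-stack trace aswMBR printed in the post above. aswMBR lists the modules it attributed on the I/O path to the boot disk, marks code it could not attribute to a loaded driver as >>UNKNOWN [address]<<, and then prints which IRP major function of which driver object dispatches to which address. The script correlates the two, so that a dispatch target resolving to an unattributed address is reported as one finding, and records whether aswMBR recognised the MBR as the stock Windows 7 code. SAMPLE_LOG is a constructed copy of the posted trace. The output is a review item, not a verdict: the helper's own caution about not acting on rootkit entries before review applies, since low-level storage drivers (disk encryption, CD emulation) can leave the same kind of unattributed entry.

```python
"""Correlate the disk-stack trace in an aswMBR log.

Added example for the thread above; not part of aswMBR.  The tool
prints the modules it attributed on the I/O path to the boot disk,
marks code it could not attribute as >>UNKNOWN [address]<<, and then
lists which IRP major function of which driver object dispatches to
which address.  analyse_aswmbr() joins the two: a dispatch target that
is one of the UNKNOWN addresses becomes a finding.  It also records
whether aswMBR recognised the MBR as stock Windows code.
"""
import re
from typing import Tuple

# Constructed copy of the trace posted in the thread (timestamps kept as printed).
SAMPLE_LOG = r"""
22:58:46.797 Disk 0 MBR read successfully
22:58:46.797 Disk 0 MBR scan
22:58:46.797 Disk 0 Windows 7 default MBR code
22:58:46.812 Service scanning
22:58:47.779 Disk 0 trace - called modules:
22:58:47.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046b22c0]<<
22:58:47.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049a0060]
22:58:47.842 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> [0xfffffa8004936e40]
22:58:47.857 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004919060]
22:58:47.857 \Driver\atapi[0xfffffa8004745850] -> IRP_MJ_CREATE -> 0xfffffa80046b22c0
22:58:47.873 Scan finished successfully
"""

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
MBR_RE = re.compile(r"^Disk \d+ (.* MBR code)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(r"^\\Driver\\([^\[\s]+)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")

Hook = Tuple[str, str, str]   # (driver object, IRP major function, handler address)


def analyse_aswmbr(text: str) -> dict:
    report: dict = {
        "mbr_default": None,   # True when aswMBR printed "... default MBR code"
        "called_modules": [],  # modules it attributed on the disk I/O path
        "unknown": [],         # addresses it could not attribute to any module
        "hooks": [],           # Hook tuples from the "\Driver\..." dispatch lines
        "findings": [],
    }
    expect_modules = False
    for raw in text.splitlines():
        body = TS_RE.sub("", raw.strip(), count=1)
        if not body:
            continue
        if expect_modules:   # the line after "trace - called modules:" holds the module list
            report["unknown"] = UNKNOWN_RE.findall(body)
            report["called_modules"] = UNKNOWN_RE.sub("", body).split()
            expect_modules = False
            continue
        if body.endswith("trace - called modules:"):
            expect_modules = True
            continue
        m = MBR_RE.match(body)
        if m:
            report["mbr_default"] = "default MBR code" in m.group(1)
            continue
        m = IRP_RE.match(body)
        if m:
            driver, _driver_object, irp, handler = m.groups()
            report["hooks"].append((driver, irp, handler))

    # A dispatch target that aswMBR could not attribute to any module is the review item.
    unknown = set(report["unknown"])
    for driver, irp, handler in report["hooks"]:
        if handler in unknown:
            report["findings"].append(
                f"{irp} of \\Driver\\{driver} dispatches to {handler}, "
                "which aswMBR could not attribute to any loaded module"
            )
    if report["mbr_default"] is False:
        report["findings"].append("MBR code is not the stock Windows loader")
    return report


if __name__ == "__main__":
    result = analyse_aswmbr(SAMPLE_LOG)
    print("MBR default:", result["mbr_default"])
    for finding in result["findings"] or ["no unattributed dispatch targets"]:
        print("review:", finding)
```

On the posted trace the script reports one item: the IRP_MJ_CREATE handler of \Driver\atapi points at the same address aswMBR listed as UNKNOWN, while the MBR code itself was recognised as the Windows 7 default. What that address is can only be settled on the machine, which is why the helper asks for the log rather than having the user click Fix.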

Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Sun Jun 05, 2011 2:06 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Sun Jun 05, 2011 3:39 pm

2011/06/05 11:37:10.0481 3864 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 11:37:10.0859 3864 ================================================================================
2011/06/05 11:37:10.0859 3864 SystemInfo:
2011/06/05 11:37:10.0859 3864
2011/06/05 11:37:10.0860 3864 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/05 11:37:10.0860 3864 Product type: Workstation
2011/06/05 11:37:10.0860 3864 ComputerName: RON-PC
2011/06/05 11:37:10.0861 3864 UserName: Ron
2011/06/05 11:37:10.0861 3864 Windows directory: C:\Windows
2011/06/05 11:37:10.0861 3864 System windows directory: C:\Windows
2011/06/05 11:37:10.0861 3864 Running under WOW64
2011/06/05 11:37:10.0861 3864 Processor architecture: Intel x64
2011/06/05 11:37:10.0861 3864 Number of processors: 2
2011/06/05 11:37:10.0861 3864 Page size: 0x1000
2011/06/05 11:37:10.0861 3864 Boot type: Normal boot
2011/06/05 11:37:10.0861 3864 ================================================================================
2011/06/05 11:37:12.0726 3864 Initialize success
2011/06/05 11:37:15.0152 0860 ================================================================================
2011/06/05 11:37:15.0152 0860 Scan started
2011/06/05 11:37:15.0152 0860 Mode: Manual;
2011/06/05 11:37:15.0152 0860 ================================================================================
2011/06/05 11:37:15.0805 0860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/05 11:37:15.0852 0860 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/05 11:37:15.0934 0860 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/05 11:37:16.0039 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/05 11:37:16.0136 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/05 11:37:16.0192 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/05 11:37:16.0300 0860 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/05 11:37:16.0335 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/05 11:37:16.0405 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/05 11:37:16.0544 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/05 11:37:16.0595 0860 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/06/05 11:37:16.0679 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/05 11:37:17.0113 0860 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/05 11:37:17.0348 0860 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/05 11:37:17.0442 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/05 11:37:17.0515 0860 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/05 11:37:17.0550 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/05 11:37:17.0592 0860 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/05 11:37:17.0635 0860 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/05 11:37:17.0737 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/05 11:37:17.0767 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/05 11:37:17.0804 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 11:37:17.0880 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/05 11:37:18.0013 0860 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
2011/06/05 11:37:18.0052 0860 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/05 11:37:18.0137 0860 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/05 11:37:18.0260 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/05 11:37:18.0314 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/05 11:37:18.0406 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/05 11:37:18.0520 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/05 11:37:18.0635 0860 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 11:37:18.0672 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/05 11:37:18.0726 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/05 11:37:18.0752 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/05 11:37:18.0769 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/05 11:37:18.0782 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/05 11:37:18.0796 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/05 11:37:18.0823 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/05 11:37:18.0863 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 11:37:18.0948 0860 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 11:37:19.0001 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/05 11:37:19.0073 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/05 11:37:19.0144 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/05 11:37:19.0195 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/05 11:37:19.0227 0860 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/05 11:37:19.0242 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/05 11:37:19.0288 0860 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/05 11:37:19.0345 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 11:37:19.0429 0860 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 11:37:19.0484 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/05 11:37:19.0536 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/05 11:37:19.0618 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 11:37:19.0731 0860 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 11:37:19.0836 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/05 11:37:19.0965 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/05 11:37:19.0982 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/05 11:37:20.0024 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/05 11:37:20.0102 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 11:37:20.0134 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 11:37:20.0222 0860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 11:37:20.0252 0860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 11:37:20.0346 0860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 11:37:20.0390 0860 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 11:37:20.0477 0860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/05 11:37:20.0512 0860 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 11:37:20.0591 0860 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/05 11:37:20.0650 0860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/05 11:37:20.0726 0860 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/05 11:37:20.0779 0860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/05 11:37:20.0858 0860 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 11:37:20.0923 0860 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 11:37:20.0978 0860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/05 11:37:20.0994 0860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/05 11:37:21.0011 0860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/05 11:37:21.0078 0860 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 11:37:21.0159 0860 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/05 11:37:21.0220 0860 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 11:37:21.0288 0860 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/05 11:37:21.0350 0860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/05 11:37:21.0410 0860 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/05 11:37:21.0445 0860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/05 11:37:21.0472 0860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/05 11:37:21.0494 0860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 11:37:21.0512 0860 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 11:37:21.0552 0860 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/05 11:37:21.0588 0860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/05 11:37:21.0660 0860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/05 11:37:21.0720 0860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/05 11:37:21.0785 0860 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/05 11:37:21.0844 0860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 11:37:21.0916 0860 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 11:37:21.0956 0860 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 11:37:22.0024 0860 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/05 11:37:22.0113 0860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/05 11:37:22.0202 0860 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/06/05 11:37:22.0326 0860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 11:37:22.0383 0860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/05 11:37:22.0441 0860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/05 11:37:22.0476 0860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/05 11:37:22.0498 0860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/05 11:37:22.0531 0860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/05 11:37:22.0606 0860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/05 11:37:22.0637 0860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/05 11:37:22.0778 0860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/05 11:37:22.0815 0860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 11:37:22.0947 0860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/05 11:37:22.0995 0860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 11:37:23.0079 0860 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 11:37:23.0227 0860 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/05 11:37:23.0268 0860 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/05 11:37:23.0369 0860 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/05 11:37:23.0407 0860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 11:37:23.0481 0860 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 11:37:23.0546 0860 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 11:37:23.0612 0860 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 11:37:23.0646 0860 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 11:37:23.0676 0860 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/05 11:37:23.0730 0860 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/05 11:37:23.0788 0860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 11:37:23.0806 0860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/05 11:37:23.0826 0860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/05 11:37:23.0904 0860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 11:37:24.0015 0860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 11:37:24.0049 0860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 11:37:24.0080 0860 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 11:37:24.0161 0860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/05 11:37:24.0198 0860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 11:37:24.0273 0860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/05 11:37:24.0325 0860 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/05 11:37:24.0418 0860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/05 11:37:24.0492 0860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 11:37:24.0571 0860 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/05 11:37:24.0652 0860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/05 11:37:24.0715 0860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 11:37:24.0777 0860 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 11:37:24.0801 0860 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 11:37:24.0839 0860 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 11:37:24.0906 0860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 11:37:24.0943 0860 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 11:37:25.0049 0860 netr28ux (c553716f6f7bca3444cee52dfb7c9016) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/06/05 11:37:25.0121 0860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/05 11:37:25.0220 0860 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/05 11:37:25.0356 0860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 11:37:25.0387 0860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 11:37:25.0427 0860 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 11:37:25.0531 0860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/05 11:37:25.0584 0860 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/06/05 11:37:25.0857 0860 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/05 11:37:26.0093 0860 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/05 11:37:26.0123 0860 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/05 11:37:26.0141 0860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/05 11:37:26.0168 0860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/05 11:37:26.0272 0860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/05 11:37:26.0306 0860 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 11:37:26.0337 0860 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/05 11:37:26.0418 0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/05 11:37:26.0455 0860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/05 11:37:26.0477 0860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/05 11:37:26.0548 0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/05 11:37:26.0726 0860 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 11:37:26.0766 0860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/05 11:37:26.0869 0860 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 11:37:26.0930 0860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/05 11:37:27.0017 0860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 11:37:27.0065 0860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 11:37:27.0081 0860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 11:37:27.0174 0860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 11:37:27.0207 0860 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 11:37:27.0241 0860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 11:37:27.0278 0860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 11:37:27.0353 0860 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 11:37:27.0385 0860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 11:37:27.0411 0860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 11:37:27.0490 0860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 11:37:27.0528 0860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 11:37:27.0555 0860 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 11:37:27.0637 0860 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 11:37:27.0711 0860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 11:37:27.0787 0860 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/05 11:37:27.0878 0860 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 11:37:27.0937 0860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 11:37:28.0002 0860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 11:37:28.0047 0860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 11:37:28.0066 0860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 11:37:28.0147 0860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/05 11:37:28.0210 0860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/05 11:37:28.0233 0860 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/05 11:37:28.0284 0860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 11:37:28.0338 0860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 11:37:28.0371 0860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 11:37:28.0420 0860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 11:37:28.0492 0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/05 11:37:28.0619 0860 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/05 11:37:28.0619 0860 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/05 11:37:28.0632 0860 sptd - detected LockedFile.Multi.Generic (1)
2011/06/05 11:37:28.0721 0860 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 11:37:28.0793 0860 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 11:37:28.0871 0860 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 11:37:28.0953 0860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 11:37:29.0029 0860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/05 11:37:29.0201 0860 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 11:37:29.0256 0860 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 11:37:29.0303 0860 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 11:37:29.0375 0860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 11:37:29.0411 0860 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 11:37:29.0437 0860 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 11:37:29.0505 0860 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/05 11:37:29.0583 0860 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 11:37:29.0658 0860 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 11:37:29.0700 0860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 11:37:29.0734 0860 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 11:37:29.0829 0860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/05 11:37:29.0870 0860 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 11:37:29.0937 0860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 11:37:29.0990 0860 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/05 11:37:30.0085 0860 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/06/05 11:37:30.0133 0860 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 11:37:30.0215 0860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/05 11:37:30.0254 0860 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/05 11:37:30.0330 0860 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 11:37:30.0351 0860 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/05 11:37:30.0435 0860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 11:37:30.0467 0860 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 11:37:30.0496 0860 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/05 11:37:30.0609 0860 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/05 11:37:30.0691 0860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/05 11:37:30.0762 0860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 11:37:30.0804 0860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/05 11:37:30.0882 0860 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/05 11:37:31.0008 0860 VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys
2011/06/05 11:37:31.0068 0860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/05 11:37:31.0137 0860 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/05 11:37:31.0172 0860 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 11:37:31.0214 0860 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/05 11:37:31.0285 0860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 11:37:31.0318 0860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/05 11:37:31.0357 0860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 11:37:31.0426 0860 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 11:37:31.0455 0860 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 11:37:31.0537 0860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 11:37:31.0614 0860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 11:37:31.0762 0860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 11:37:31.0800 0860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 11:37:31.0921 0860 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/05 11:37:31.0980 0860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/05 11:37:32.0075 0860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 11:37:32.0152 0860 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 11:37:32.0236 0860 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 11:37:32.0308 0860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 11:37:32.0316 0860 ================================================================================
2011/06/05 11:37:32.0316 0860 Scan finished
2011/06/05 11:37:32.0316 0860 ================================================================================
2011/06/05 11:37:32.0326 0900 Detected object count: 1
2011/06/05 11:37:32.0326 0900 Actual detected object count: 1
2011/06/05 11:37:38.0991 0900 LockedFile.Multi.Generic(sptd) - User select action: Skip

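The TDSSKiller listing above has a fixed shape: one line per driver service with the file's MD5 and path, a "Suspicious file" / "detected" pair for anything the tool could not read, the action the user chose, and last a hash of the MBR, which is where the TDL4 generation of Alureon installs itself. The following is an added example, not part of the original thread and not Kaspersky's code, that parses that format and applies a few triage rules a helper would apply by eye. SAMPLE_LOG is an excerpt of the log posted above; KNOWN_GOOD is an illustrative assumption seeded from the same log rather than a verified clean reference, and the set of drivers treated as "locked but expected" is the editor's, not the tool's.

```python
"""Triage of a TDSSKiller driver listing (added example; not from the thread
or from Kaspersky's tool). SAMPLE_LOG is an excerpt of the log posted above;
KNOWN_GOOD is an illustrative assumption seeded from that same log, not a
verified clean reference."""
import re
from collections import defaultdict

# Excerpt of the posted TDSSKiller output (raw string: backslashes are literal).
SAMPLE_LOG = r"""
2011/06/05 11:37:29.0201 0860 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 11:37:29.0256 0860 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 11:37:28.0619 0860 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/05 11:37:28.0619 0860 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/05 11:37:28.0632 0860 sptd - detected LockedFile.Multi.Generic (1)
2011/06/05 11:37:32.0308 0860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 11:37:38.0991 0900 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
MBR_RE = re.compile(r"^\S+ \S+ \d+ MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})")
DETECTED_RE = re.compile(r"^\S+ \S+ \d+ (\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^\S+ \S+ \d+ (\S+)\((\S+)\) - User select action: (\S+)$")

# Assumed known-good MD5s, keyed by lower-case file name (illustration only).
KNOWN_GOOD = {"tcpip.sys": "90a2d722cf64d911879d6c4a4f802a4d"}
# Self-protecting drivers that routinely appear as LockedFile and are not
# malware by themselves; sptd.sys is the DAEMON Tools / Alcohol 120% driver.
LOCKED_BUT_EXPECTED = {"sptd"}


def parse_tdsskiller(text):
    """Split the log into drivers, suspicious-file notes, verdicts, actions, MBR."""
    rep = {"drivers": [], "suspicious": [], "detections": [], "actions": [], "mbr": None}
    for line in text.splitlines():
        line = line.rstrip()
        if m := MBR_RE.match(line):
            rep["mbr"] = {"size": m.group(1), "md5": m.group(2), "device": m.group(3)}
        elif m := SUSPICIOUS_RE.search(line):
            rep["suspicious"].append({"reason": m.group(1), "path": m.group(2), "md5": m.group(3)})
        elif m := DETECTED_RE.match(line):
            rep["detections"].append({"service": m.group(1), "verdict": m.group(2)})
        elif m := ACTION_RE.match(line):
            rep["actions"].append({"verdict": m.group(1), "service": m.group(2), "action": m.group(3)})
        elif m := DRIVER_RE.match(line):
            rep["drivers"].append({"service": m.group(1), "md5": m.group(2), "path": m.group(3)})
    return rep


def triage(rep, known_good=KNOWN_GOOD):
    """Return (severity, message) pairs a helper would act on."""
    issues = []
    hashes_by_path = defaultdict(set)
    for d in rep["drivers"]:
        file_name = d["path"].rsplit("\\", 1)[-1].lower()
        hashes_by_path[d["path"].lower()].add(d["md5"])
        expected = known_good.get(file_name)
        if expected and expected != d["md5"]:
            issues.append(("HASH MISMATCH", f"{d['service']} {d['path']} {d['md5']} != {expected}"))
    # One file registered under two service names with one hash (Tcpip/TCPIP6,
    # WANARP/Wanarpv6) is normal. Two hashes for one path within a single scan
    # means the file changed mid-scan or something is filtering reads.
    for path, hashes in hashes_by_path.items():
        if len(hashes) > 1:
            issues.append(("INCONSISTENT READS", f"{path} {sorted(hashes)}"))
    for det in rep["detections"]:
        expected_lock = det["verdict"].startswith("LockedFile") and det["service"] in LOCKED_BUT_EXPECTED
        issues.append(("INFO" if expected_lock else "REVIEW", f"{det['service']} {det['verdict']}"))
    for act in rep["actions"]:
        if act["action"].lower() == "skip":
            issues.append(("NOT REMEDIATED", f"{act['service']} ({act['verdict']}) was skipped"))
    if rep["mbr"] is None:
        issues.append(("REVIEW", "no MBR record in log; the bootkit check did not run"))
    else:
        issues.append(("MBR", f"{rep['mbr']['device']} md5={rep['mbr']['md5']}; compare with a known-clean MBR"))
    return issues


if __name__ == "__main__":
    for severity, message in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{severity:18} {message}")
```

Run against the excerpt it reports the sptd lock as INFO, the user's "Skip" as NOT REMEDIATED, and hands back the MBR hash for comparison; nothing on this machine is flagged as a hash mismatch because the only reference hash is the one taken from the log itself. A real reference table has to come from a clean install of the same build, and the MBR hash is only useful next to a clean record of the same disk geometry.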

Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Mon Jun 06, 2011 8:34 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1


Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Fri Jun 10, 2011 4:48 pm

ComboFix 11-06-10.05 - Ron 06/10/2011 12:30:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2966 [GMT -4:00]
Running from: c:\users\Ron\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ron\AppData\Roaming\Adobe\plugs
c:\users\Ron\AppData\Roaming\Adobe\shed
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Ron\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\ksuser.dll . . . . Failed to delete
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 16:39 . 2011-06-10 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 15:16 . 2011-05-09 19:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DDD6207-7F78-4D71-A4C2-1D3939B8BA7C}\mpengine.dll
2011-05-20 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 15:20 . 2011-05-20 15:20 -------- d-----w- c:\program files (x86)\ESET
2011-05-20 14:31 . 2011-01-26 17:22 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A6F6144-455F-4E26-93E9-8049D0452A8E}\gapaengine.dll
2011-05-20 12:41 . 2011-05-20 12:41 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2011-05-20 12:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-20 12:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\programdata\ATI
2011-05-14 05:26 . 2011-05-14 05:26 -------- d-----w- c:\program files\ATI Technologies
2011-05-11 17:46 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:46 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:46 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 19:00 . 2010-10-11 19:41 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-10 12:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 16:44
.
Pre-Run: 382,159,892,480 bytes free
Post-Run: 382,244,642,816 bytes free
.
- - End Of File - - 489679F116C98677D0B30FAB39DDFD1A

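The "Reg Loading Points" section of the ComboFix log above is the part worth reading closely: it lists only non-default autostart entries (Run keys, Winlogon values, Safe Mode additions, services with their start type), and this one shows a boot-start sptd driver, a non-default Winlogon\Taskman value and LoadAppInit_DLLs set to 0x1, the switch that makes every process load the DLLs named in AppInit_DLLs. The `[x]` after the system32 drivers sits where ComboFix prints a date and size for the other entries; on an x64 host one plausible reason a 32-bit scanner cannot stat those files is WOW64 file-system redirection, and TDSSKiller hashed the same files a few days earlier, so the example reports them as INFO rather than as missing files. Treat that reading as an assumption to verify, not something the log proves. The code below is an added example, not part of the thread and not ComboFix's own logic; SAMPLE is an excerpt of the posted log and the rules are the editor's starting heuristics.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix log (added
example; not from the thread or from ComboFix). SAMPLE is an excerpt of
the log posted above; the rules are starting heuristics, not ComboFix's."""
import re

# Excerpt of the posted ComboFix log (raw string: backslashes are literal).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
QUOTED_RE = re.compile(r'^"(.*)"(?: \[(.+)\])?$')
# Service lines: R/S (running/stopped), start type 0-4, name;display;path [stamp]
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?)(?: \[(.+)\])?$")

# Directories a standard user can write to, plus temp locations (heuristic).
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\recycler\\", "\\public\\")
WINLOGON_HOOKS = {"shell", "userinit", "taskman", "uihost"}


def is_risky_path(path):
    """User-writable directory, or a file sitting directly in a drive root."""
    p = path.lower()
    return any(marker in p for marker in SUSPECT_DIRS) or re.match(r"^[a-z]:\\[^\\]+$", p) is not None


def triage_combofix(text):
    """Return (severity, message) pairs for the Reg Loading Points section."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
            if "\\safeboot\\" in key:
                findings.append(("INFO", f"non-default Safe Mode entry: {m.group(1)}"))
        elif m := SERVICE_RE.match(line):
            _state, start, name, _display, path, stamp = m.groups()
            if start in ("0", "1"):          # boot/system start: earliest, most privileged
                findings.append(("REVIEW", f"boot/system-start driver {name}: {path}"))
            if stamp == "x":                 # no date/size: unreadable, or redirected on x64
                findings.append(("INFO", f"no file stamp for {name}: {path}"))
            if is_risky_path(path):
                findings.append(("REVIEW", f"service {name} runs from a user-writable path: {path}"))
        elif m := VALUE_RE.match(line):
            name, rhs = m.groups()
            q = QUOTED_RE.match(rhs)
            path, stamp = (q.group(1), q.group(2)) if q else (rhs, None)
            if key.endswith(("\\run", "\\runonce")):
                if is_risky_path(path):
                    findings.append(("REVIEW", f"autorun {name} from a user-writable path: {path}"))
                elif stamp is None:
                    findings.append(("REVIEW", f"autorun {name} has no file stamp: {path}"))
            elif key.endswith("\\winlogon") and name.lower() in WINLOGON_HOOKS:
                findings.append(("REVIEW", f"non-default Winlogon\\{name} = {rhs}"))
            elif key.endswith("\\currentversion\\windows") and name.lower() == "loadappinit_dlls" and rhs != "0x0":
                findings.append(("REVIEW", "LoadAppInit_DLLs is on; inspect AppInit_DLLs in the same key"))
    return findings


if __name__ == "__main__":
    for severity, message in triage_combofix(SAMPLE):
        print(f"{severity:7} {message}")
```

On the excerpt this yields three REVIEW items (the Winlogon\Taskman value, the boot-start sptd driver, LoadAppInit_DLLs) and two INFO items; the vendor autoruns under Program Files with a file stamp pass untouched. The point of the heuristics is to separate "non-default" from "worth a second look": most of what ComboFix lists on a consumer box is driver and media-player cruft, and the entries that matter are the ones that run early, run from places a user can write to, or hook every process.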

Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Fri Jun 10, 2011 7:18 pm

Looks like the same thing to me but here is the Combofix.txt
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-10 12:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 16:44
.
Pre-Run: 382,159,892,480 bytes free
Post-Run: 382,244,642,816 bytes free
.
- - End Of File - - 489679F116C98677D0B30FAB39DDFD1A

Cheungman
Novice
Posts : 13
Joined : 2011-05-20
OS : Windows 7
Points : 20433
Likes : 0

Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Sat Jun 11, 2011 3:12 pm


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1
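A defender-side check for the Winlogon key that the CFScript above clears, added here as an example (my code, not ComboFix's or the poster's): it parses the REGEDIT4-style "Reg Loading Points" section of a ComboFix log, flags Winlogon values that deviate from the Windows 7 defaults, and emits the matching CFScript block, deleting a value that should not exist (the `"name"=-` syntax used in the thread) but restoring one that has a known default. The sample fragment and the default table are assumptions constructed for the example.

```python
import re

# Constructed sample (not the thread's own log), in the REGEDIT4 layout that
# ComboFix uses for its "Reg Loading Points" section.
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
'''

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Winlogon values that malware repoints for persistence, with the data a clean
# Windows 7 install carries (assumed defaults). None means the value should not
# exist at all; Taskman is such a value.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
    "taskman": None,
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


def parse_reg_fragment(text):
    """Parse REGEDIT4-style lines into {key_lower: {name_lower: (name, data)}}.

    Keys and value names are lowercased for lookup because the registry is
    case-insensitive and ComboFix prints key paths in mixed case.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2).strip()
            keys[current][name.lower()] = (name, data)
    return keys


def unquote(data):
    """Strip REGEDIT quoting plus the trailing "[date size]" note ComboFix appends."""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data


def audit_winlogon(keys):
    """Return (value_name, finding) pairs for Winlogon values off their defaults.

    ComboFix omits default entries, so any listed Winlogon value deserves a look;
    this narrows the list to the values with a known-good expectation.
    """
    findings = []
    for name_lower, (name, data) in keys.get(WINLOGON_KEY.lower(), {}).items():
        if name_lower not in WINLOGON_DEFAULTS:
            continue
        expected = WINLOGON_DEFAULTS[name_lower]
        actual = unquote(data)
        if expected is None:
            findings.append((name, f"present with data {actual!r}; expected absent"))
        elif actual.lower() != expected:
            findings.append((name, f"data {actual!r}; expected {expected!r}"))
    return findings


def cfscript_for_findings(findings):
    """Build the CFScript 'Registry::' block that undoes each finding.

    '"name"=-' deletes a value, as in the thread's script. A value with a known
    default is restored instead, because deleting Userinit leaves a machine that
    cannot log on. Backslashes are doubled as .reg string syntax requires.
    """
    lines = ["Registry::", f"[{WINLOGON_KEY}]"]
    for name, _ in findings:
        expected = WINLOGON_DEFAULTS[name.lower()]
        if expected is None:
            lines.append(f'"{name}"=-')
        else:
            lines.append(f'"{name}"="{expected.replace(chr(92), chr(92) * 2)}"')
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit_winlogon(parse_reg_fragment(SAMPLE_LOG))
    for value_name, why in found:
        print(f"Winlogon\\{value_name}: {why}")
    if found:
        print(cfscript_for_findings(found))
```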

Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Sun Jun 12, 2011 1:02 am

ComboFix 11-06-10.05 - Ron 06/11/2011 19:11:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2730 [GMT -4:00]
Running from: c:\users\Ron\Desktop\commy.exe
Command switches used :: c:\users\Ron\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 23:17 . 2011-06-11 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 17:40 . 2011-05-09 19:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B0A43FC-7C56-47C4-934A-6CAD18CEAB6A}\mpengine.dll
2011-06-10 21:46 . 2011-06-10 21:46 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2011-05-20 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-20 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-20 15:20 . 2011-05-20 15:20 -------- d-----w- c:\program files (x86)\ESET
2011-05-20 14:31 . 2011-01-26 17:22 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A6F6144-455F-4E26-93E9-8049D0452A8E}\gapaengine.dll
2011-05-20 12:41 . 2011-05-20 12:41 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2011-05-20 12:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:40 . 2011-05-20 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-20 12:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-14 05:27 . 2011-05-14 05:27 -------- d-----w- c:\programdata\ATI
2011-05-14 05:26 . 2011-05-14 05:26 -------- d-----w- c:\program files\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 19:00 . 2010-10-11 19:41 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2011-04-20 02:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2010-04-07 02:15 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2010-04-07 01:54 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-04-07 01:46 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-04-07 01:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-14 01:59 . 2011-04-14 01:59 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-04-14 01:59 . 2011-04-14 01:59 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-14 01:58 . 2011-04-14 01:58 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-04-09 06:45 . 2011-05-11 17:46 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 17:46 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:46 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-07 00:29 . 2011-04-07 00:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-07 00:29 . 2011-04-06 23:50 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-06 23:50 . 2011-04-06 23:50 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-06 02:09 . 2011-04-06 02:09 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-06 02:09 . 2011-04-06 02:09 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-06 02:09 . 2011-04-06 02:09 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-29 02:28 . 2011-03-29 02:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-06-11 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-11 04:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-11 04:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-05-20 15:05 45108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-10 16:42 45108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-20 18:49 . 2011-06-10 16:42 16752 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222643377-2805064991-2700677253-1001_UserData.bin
+ 2009-07-14 04:46 . 2011-06-10 16:48 79920 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-07-20 18:51 . 2011-06-10 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 18:51 . 2011-06-11 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 18:51 . 2011-06-11 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-20 18:51 . 2011-06-10 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-10 16:41 . 2011-06-10 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-11 23:18 . 2011-06-11 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-10 16:41 . 2011-06-10 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-11 23:18 . 2011-06-11 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-06-08 18:49 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-10 16:45 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-06-08 18:49 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-06-10 16:45 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-06-10 16:40 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-11 23:17 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-20 21:34 . 2011-06-11 23:17 448148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2222643377-2805064991-2700677253-1001-8192.dat
- 2010-07-20 21:34 . 2011-06-10 16:40 448148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2222643377-2805064991-2700677253-1001-8192.dat
- 2009-07-14 02:34 . 2011-06-10 16:38 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-06-11 17:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\hm5l1lc5.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-11 19:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 23:22
.
Pre-Run: 337,127,780,352 bytes free
Post-Run: 374,261,633,024 bytes free
.
- - End Of File - - A2D8068B40ED6881767D5300FBD81C04

Cheungman
Novice
Posts : 13
Joined : 2011-05-20
OS : Windows 7
Points : 20433
Likes : 0

Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Mon Jun 13, 2011 4:44 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Wed Jun 15, 2011 1:47 am

OK, so I ran the scan and it deleted 2 trojans (a Java variant, I think, and some other one), and I accidentally checked the uninstall-program option after it finished, so I lost the log. Now I am trying to run it again, but I can't get past the accept-terms page. Every time I try to continue, it brings me to a blank page with an icon of a photo in the top left corner.


Re: Trojan:Win32/Alureon.EP removal help please

Post by Belahzur on Wed Jun 15, 2011 6:21 pm

Ah, never mind then. How is the machine running now?





Re: Trojan:Win32/Alureon.EP removal help please

Post by Cheungman on Wed Jun 15, 2011 10:03 pm

Well, it seems to be running normally. I mean, I didn't have a problem with speed or anything, so it's hard to notice. I was mostly worried about security, but it seems to have worked. Thanks a lot, I really appreciate you helping me out.
