Euphoriic infection thread

E

Euphoriic

New Member
Hi johnb35, encounter this error as well.

Here are my Malware and Combofix log respectively.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6708

Windows 6.0.6000
Internet Explorer 7.0.6000.16512

29/05/2011 1:30:33 PM
mbam-log-2011-05-29 (13-30-33).txt

Scan type: Quick scan
Objects scanned: 150095
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\programdata\egonusiecuxaxgi.exe (Trojan.FakeMS) -> 5300 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\egoNuSIECuXAXgI (Trojan.FakeMS) -> Value: egoNuSIECuXAXgI -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\egonusiecuxaxgi.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Andy\AppData\Local\Temp\tmpA45D.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Andy\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Andy\AppData\Local\Temp\1363E8.tmp (Trojan.Agent) -> Delete on reboot.
c:\programdata\26468112.exe (Trojan.Agent) -> Delete on reboot.


ComboFix 11-05-27.02 - Andy 29/05/2011 13:51:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2047.951 [GMT 10:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 04:13 . 2011-05-29 04:13 -------- d-----w- c:\users\Andy\AppData\Local\temp
2011-05-29 03:34 . 2011-05-29 03:34 -------- d-----w- C:\32788R22FWJFW
2011-05-29 03:21 . 2011-05-29 03:21 -------- d--h--w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-05-29 03:21 . 2010-12-20 08:09 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 03:21 . 2011-05-29 03:21 -------- d--h--w- c:\programdata\Malwarebytes
2011-05-29 03:21 . 2011-05-29 03:21 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 21:12 . 2011-05-13 21:12 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 10:55 . 2009-05-18 03:17 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-12 10:55 . 2008-04-17 02:12 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2011-05-12 10:54 . 2011-05-12 10:54 -------- d--h--w- c:\program files\iPod
2011-05-12 10:53 . 2011-05-12 10:55 -------- d--h--w- c:\program files\iTunes
2011-05-12 10:51 . 2011-05-12 10:51 -------- d--h--w- c:\program files\Bonjour
2011-05-06 06:20 . 2011-05-06 06:20 -------- d--h--w- c:\programdata\VistaCodecs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 21:59 . 2007-12-25 16:39 45056 ---ha-w- c:\windows\system32\acovcnt.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ---ha-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ---ha-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ---ha-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ---ha-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ---ha-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-12-25 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-19 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ---ha-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-12-25 16:43 37232 ---ha-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27 61440 ---ha-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-29 18:49 136176 ---hatw- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22 421160 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 19:49 451872 ---ha-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ---ha-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 18:10 778240 ---ha-w- c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:38 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ---ha-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ---ha-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 00:44 248552 ---ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-12-25 15:03 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-08-29 46080]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Ehshisrsbsc;Ehshisrsbsc; [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2007-06-15 304640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 19:47 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000Core.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000UA.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\0h3x3yti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - proxy.changeipaddress.org
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ImageShack® Toolbar: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} - %profile%\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IDM CC: [email protected] - c:\users\Andy\AppData\Roaming\IDM\idmmzcc3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 14:13
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-221876131-514314933-443054876-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0d,d9,57,21,ed,c3,ba,8b,1d,a8,19,eb,c3,54,5f,3f,88,7d,1b,ac,5d,
bf,48,76,65,dc,f5,e4,9a,38,f4,6f,3d,bd,01,44,63,9e,b6,6f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-221876131-514314933-443054876-1000_Classes\CLSID\{d7f2992c-f5f2-49a3-83e4-7ccdfcf4159c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000127
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-29 14:17:59
ComboFix-quarantined-files.txt 2011-05-29 04:17
.
Pre-Run: 67,368,996,864 bytes free
Post-Run: 68,134,191,104 bytes free
.
- - End Of File - - 5DF17295DE9FA22724E83E8DD6FE22C2
 
Last edited by a moderator:
Euphorlic,

Please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

then do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
Driver::
Ehshisrsbsc

Reglock::
[HKEY_USERS\S-1-5-21-221876131-514314933-443054876-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-221876131-514314933-443054876-1000_Classes\CLSID\{d7f2992c-f5f2-49a3-83e4-7ccdfcf4159c}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then post a hijackthis log by doing the following.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces
 
Hi John,

I ran tdsskiller and follow your instruction with ComboFixer with the Notepad.

Here are the logs from tdsskiller / combofixer / hijackthis respectively.

2011/05/30 19:12:23.0890 3752 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 19:12:25.0238 3752 ================================================================================
2011/05/30 19:12:25.0238 3752 SystemInfo:
2011/05/30 19:12:25.0238 3752
2011/05/30 19:12:25.0238 3752 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/30 19:12:25.0238 3752 Product type: Workstation
2011/05/30 19:12:25.0239 3752 ComputerName: ANDY
2011/05/30 19:12:25.0239 3752 UserName: Andy
2011/05/30 19:12:25.0239 3752 Windows directory: C:\Windows
2011/05/30 19:12:25.0239 3752 System windows directory: C:\Windows
2011/05/30 19:12:25.0239 3752 Processor architecture: Intel x86
2011/05/30 19:12:25.0239 3752 Number of processors: 2
2011/05/30 19:12:25.0239 3752 Page size: 0x1000
2011/05/30 19:12:25.0239 3752 Boot type: Normal boot
2011/05/30 19:12:25.0239 3752 ================================================================================
2011/05/30 19:12:26.0042 3752 Initialize success
2011/05/30 19:12:35.0547 4788 ================================================================================
2011/05/30 19:12:35.0547 4788 Scan started
2011/05/30 19:12:35.0547 4788 Mode: Manual;
2011/05/30 19:12:35.0547 4788 ================================================================================
2011/05/30 19:12:36.0400 4788 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/05/30 19:12:36.0505 4788 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/30 19:12:36.0615 4788 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/30 19:12:36.0756 4788 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/30 19:12:36.0816 4788 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/30 19:12:36.0966 4788 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/05/30 19:12:37.0086 4788 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/30 19:12:37.0133 4788 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/30 19:12:37.0194 4788 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/30 19:12:37.0240 4788 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/30 19:12:37.0373 4788 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/30 19:12:37.0444 4788 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/30 19:12:37.0490 4788 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/30 19:12:37.0632 4788 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/30 19:12:37.0713 4788 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/30 19:12:37.0766 4788 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/05/30 19:12:37.0848 4788 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/30 19:12:38.0001 4788 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/30 19:12:38.0065 4788 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2011/05/30 19:12:38.0119 4788 AtcL001 (6f2b5af92d0a61ef3f51b6c2ae6189a2) C:\Windows\system32\DRIVERS\l160x86.sys
2011/05/30 19:12:38.0313 4788 AVerHybrid (ebd02c7d89b460459883c79b05ead74f) C:\Windows\system32\drivers\averhbtv.sys
2011/05/30 19:12:38.0459 4788 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/05/30 19:12:38.0681 4788 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/30 19:12:38.0792 4788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/30 19:12:38.0843 4788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/30 19:12:38.0902 4788 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/30 19:12:39.0001 4788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/30 19:12:39.0082 4788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/30 19:12:39.0122 4788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/30 19:12:39.0232 4788 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/30 19:12:39.0309 4788 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/30 19:12:39.0360 4788 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/30 19:12:39.0490 4788 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
2011/05/30 19:12:39.0557 4788 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/30 19:12:39.0760 4788 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/30 19:12:39.0826 4788 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/30 19:12:39.0937 4788 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/30 19:12:40.0001 4788 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2011/05/30 19:12:40.0171 4788 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/30 19:12:40.0220 4788 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/30 19:12:40.0266 4788 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/30 19:12:40.0309 4788 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/30 19:12:40.0426 4788 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/30 19:12:40.0506 4788 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/05/30 19:12:40.0666 4788 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/05/30 19:12:40.0746 4788 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/30 19:12:40.0874 4788 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/30 19:12:41.0021 4788 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/30 19:12:41.0094 4788 Ecache (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys
2011/05/30 19:12:41.0254 4788 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/30 19:12:41.0441 4788 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/05/30 19:12:41.0491 4788 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/30 19:12:41.0551 4788 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/05/30 19:12:41.0602 4788 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/05/30 19:12:41.0718 4788 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/30 19:12:41.0768 4788 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/05/30 19:12:41.0821 4788 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/30 19:12:41.0883 4788 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/30 19:12:42.0004 4788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/30 19:12:42.0096 4788 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/30 19:12:42.0233 4788 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/30 19:12:42.0284 4788 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/30 19:12:42.0414 4788 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/30 19:12:42.0465 4788 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/30 19:12:42.0592 4788 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/30 19:12:42.0667 4788 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/30 19:12:42.0726 4788 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/05/30 19:12:42.0843 4788 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/30 19:12:42.0899 4788 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/30 19:12:43.0060 4788 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/30 19:12:43.0230 4788 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/30 19:12:43.0301 4788 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/30 19:12:43.0446 4788 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/30 19:12:43.0620 4788 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/30 19:12:43.0849 4788 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/30 19:12:43.0900 4788 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/30 19:12:44.0098 4788 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/30 19:12:44.0153 4788 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/30 19:12:44.0291 4788 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/05/30 19:12:44.0349 4788 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/30 19:12:44.0466 4788 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/30 19:12:44.0519 4788 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/30 19:12:44.0570 4788 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/30 19:12:44.0676 4788 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/30 19:12:44.0722 4788 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/30 19:12:44.0785 4788 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/30 19:12:44.0952 4788 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/30 19:12:45.0152 4788 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/30 19:12:45.0239 4788 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/30 19:12:45.0288 4788 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/30 19:12:45.0421 4788 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/30 19:12:45.0460 4788 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/05/30 19:12:45.0580 4788 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/30 19:12:45.0636 4788 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/05/30 19:12:45.0687 4788 MODEMCSA (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/30 19:12:45.0794 4788 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/30 19:12:45.0836 4788 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/30 19:12:45.0875 4788 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/30 19:12:45.0995 4788 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/05/30 19:12:46.0047 4788 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/30 19:12:46.0098 4788 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/30 19:12:46.0241 4788 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/30 19:12:46.0286 4788 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/30 19:12:46.0330 4788 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/30 19:12:46.0442 4788 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/30 19:12:46.0484 4788 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/30 19:12:46.0538 4788 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/30 19:12:46.0582 4788 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/30 19:12:46.0746 4788 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/05/30 19:12:46.0819 4788 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/05/30 19:12:46.0963 4788 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/30 19:12:47.0003 4788 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/30 19:12:47.0094 4788 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/05/30 19:12:47.0207 4788 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/05/30 19:12:47.0265 4788 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/30 19:12:47.0311 4788 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/05/30 19:12:47.0443 4788 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/05/30 19:12:47.0498 4788 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/05/30 19:12:47.0586 4788 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/30 19:12:47.0737 4788 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/05/30 19:12:47.0863 4788 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/30 19:12:47.0907 4788 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/30 19:12:47.0958 4788 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/30 19:12:48.0080 4788 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/05/30 19:12:48.0139 4788 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/30 19:12:48.0203 4788 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/30 19:12:48.0457 4788 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/30 19:12:48.0717 4788 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/05/30 19:12:48.0903 4788 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/30 19:12:48.0973 4788 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/05/30 19:12:49.0029 4788 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/30 19:12:49.0180 4788 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
2011/05/30 19:12:49.0313 4788 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/30 19:12:49.0366 4788 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/05/30 19:12:49.0663 4788 nvlddmkm (e3e9e8cce32ff51c3928f71a0d4dad81) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/30 19:12:49.0999 4788 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/30 19:12:50.0067 4788 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/30 19:12:50.0117 4788 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/30 19:12:50.0382 4788 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/30 19:12:50.0556 4788 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/30 19:12:50.0614 4788 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/05/30 19:12:50.0667 4788 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/30 19:12:50.0795 4788 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/05/30 19:12:50.0849 4788 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/30 19:12:50.0904 4788 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/30 19:12:51.0070 4788 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/30 19:12:51.0372 4788 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/30 19:12:51.0421 4788 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/30 19:12:51.0500 4788 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/30 19:12:51.0654 4788 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/30 19:12:51.0808 4788 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/30 19:12:51.0880 4788 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/30 19:12:51.0929 4788 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/30 19:12:52.0075 4788 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/30 19:12:52.0130 4788 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/30 19:12:52.0191 4788 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/30 19:12:52.0249 4788 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/30 19:12:52.0415 4788 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/30 19:12:52.0550 4788 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/30 19:12:52.0613 4788 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/05/30 19:12:52.0703 4788 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/30 19:12:52.0819 4788 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/05/30 19:12:52.0879 4788 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/05/30 19:12:52.0928 4788 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/05/30 19:12:53.0023 4788 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/30 19:12:53.0144 4788 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/30 19:12:53.0230 4788 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/30 19:12:53.0329 4788 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/30 19:12:53.0433 4788 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/30 19:12:53.0497 4788 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/30 19:12:53.0570 4788 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/30 19:12:53.0640 4788 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
2011/05/30 19:12:53.0768 4788 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/30 19:12:53.0826 4788 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/30 19:12:53.0859 4788 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/30 19:12:53.0922 4788 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/30 19:12:54.0036 4788 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/30 19:12:54.0098 4788 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/30 19:12:54.0159 4788 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/30 19:12:54.0287 4788 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/05/30 19:12:54.0389 4788 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/30 19:12:54.0648 4788 SNP2UVC (750771bb0f0eda12bbc93f223fe682d4) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/30 19:12:54.0812 4788 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/05/30 19:12:54.0904 4788 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
2011/05/30 19:12:55.0027 4788 srv2 (382baf4dcbd7648ced6c64a8a1e335b2) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/30 19:12:55.0078 4788 srvnet (f8e47a77e1690d8574962b69cb22beb3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/30 19:12:55.0164 4788 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/30 19:12:55.0241 4788 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/30 19:12:55.0343 4788 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/30 19:12:55.0401 4788 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/30 19:12:55.0462 4788 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/30 19:12:55.0644 4788 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
2011/05/30 19:12:55.0848 4788 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 19:12:55.0989 4788 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 19:12:56.0036 4788 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 19:12:56.0090 4788 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 19:12:56.0217 4788 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 19:12:56.0282 4788 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 19:12:56.0456 4788 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
2011/05/30 19:12:56.0548 4788 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 19:12:56.0610 4788 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/30 19:12:56.0729 4788 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 19:12:56.0783 4788 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/30 19:12:56.0849 4788 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 19:12:56.0941 4788 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/30 19:12:57.0086 4788 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/30 19:12:57.0230 4788 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/30 19:12:57.0285 4788 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/30 19:12:57.0422 4788 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 19:12:57.0589 4788 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/30 19:12:57.0668 4788 usbccgp (9881b6c8651d715c791ab06a505b17a6) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 19:12:57.0727 4788 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/30 19:12:57.0873 4788 usbehci (8f04157bd36e7884be0c20b845b4e1d9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 19:12:57.0935 4788 usbhub (4450746076d49ce8a374a916d3595b62) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 19:12:57.0994 4788 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/30 19:12:58.0132 4788 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/30 19:12:58.0199 4788 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 19:12:58.0332 4788 usbuhci (e59040e7d24007c68eb6ce9f5666be16) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 19:12:58.0399 4788 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/30 19:12:58.0555 4788 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 19:12:58.0617 4788 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/05/30 19:12:58.0675 4788 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/30 19:12:58.0812 4788 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/30 19:12:58.0868 4788 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/30 19:12:58.0994 4788 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/05/30 19:12:59.0048 4788 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 19:12:59.0134 4788 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/05/30 19:12:59.0284 4788 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/30 19:12:59.0379 4788 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/30 19:12:59.0437 4788 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 19:12:59.0482 4788 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 19:12:59.0618 4788 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/30 19:12:59.0707 4788 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 19:13:00.0047 4788 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/30 19:13:00.0173 4788 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/30 19:13:00.0236 4788 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 19:13:00.0388 4788 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/30 19:13:00.0470 4788 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/05/30 19:13:00.0502 4788 ================================================================================
2011/05/30 19:13:00.0502 4788 Scan finished
2011/05/30 19:13:00.0502 4788 ================================================================================
2011/05/30 19:13:00.0523 5568 Detected object count: 0
2011/05/30 19:13:00.0523 5568 Actual detected object count: 0
2011/05/30 19:13:06.0809 5072 Deinitialize success

ComboFix 11-05-29.01 - Andy 30/05/2011 19:26:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2047.1197 [GMT 10:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Ehshisrsbsc
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 09:48 . 2011-05-30 09:58 -------- d-----w- c:\users\Andy\AppData\Local\temp
2011-05-30 09:48 . 2011-05-30 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 11:25 . 2011-05-29 11:25 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-05-29 11:04 . 2011-05-29 11:04 -------- d-----w- c:\program files\AC3Filter
2011-05-29 11:04 . 2004-05-25 15:06 417792 ----a-w- c:\windows\system32\ac3filter.cpl
2011-05-29 10:44 . 2011-05-29 11:28 -------- d-----w- c:\program files\Easy RealMedia Tools
2011-05-29 03:34 . 2011-05-30 09:17 -------- d-----w- C:\32788R22FWJFW
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-05-29 03:21 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 21:12 . 2011-05-13 21:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 10:55 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-12 10:55 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-12 10:54 . 2011-05-12 10:54 -------- d-----w- c:\program files\iPod
2011-05-12 10:53 . 2011-05-12 10:55 -------- d-----w- c:\program files\iTunes
2011-05-12 10:51 . 2011-05-12 10:51 -------- d-----w- c:\program files\Bonjour
2011-05-06 06:20 . 2011-05-06 06:20 -------- d-----w- c:\programdata\VistaCodecs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 09:58 . 2007-12-25 16:39 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-12-25 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-19 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-12-25 16:43 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-29 18:49 136176 ----atw- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 18:10 778240 ----a-w- c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 00:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-12-25 15:03 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-08-29 46080]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2007-06-15 304640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 19:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000Core.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000UA.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\0h3x3yti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - proxy.changeipaddress.org
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ImageShack® Toolbar: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} - %profile%\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IDM CC: [email protected] - c:\users\Andy\AppData\Roaming\IDM\idmmzcc3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 19:59
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2296)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\TeraCopy\TeraCopyExt.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\conime.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-05-30 20:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 10:02
.
Pre-Run: 67,401,105,408 bytes free
Post-Run: 67,791,347,712 bytes free
.
- - End Of File - - D2DF0DE72E700C3C0FDE341952786C38

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:39 PM, on 30/05/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 5537 bytes

Cheers,
 
One more time on the cfscript.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

I also noticed you don't have an active virus scanner installed. I would highly recommend to download and install either AVAST or Microsoft Security Essentials.

AVAST - http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

MSE - http://www.microsoft.com/security/pc-security/mse.aspx
 
ComboFix 11-05-30.07 - Andy 31/05/2011 18:07:54.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.61.1033.18.2047.883 [GMT 10:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 08:29 . 2011-05-31 08:30 -------- d-----w- c:\users\Andy\AppData\Local\temp
2011-05-31 08:29 . 2011-05-31 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 10:10 . 2011-05-30 10:10 388096 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-30 10:10 . 2011-05-30 10:10 -------- d-----w- c:\program files\Trend Micro
2011-05-29 11:25 . 2011-05-29 11:25 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-05-29 11:04 . 2011-05-29 11:04 -------- d-----w- c:\program files\AC3Filter
2011-05-29 11:04 . 2004-05-25 15:06 417792 ----a-w- c:\windows\system32\ac3filter.cpl
2011-05-29 10:44 . 2011-05-29 11:28 -------- d-----w- c:\program files\Easy RealMedia Tools
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-05-29 03:21 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 03:21 . 2011-05-29 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 21:12 . 2011-05-13 21:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 10:55 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-12 10:55 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-12 10:54 . 2011-05-12 10:54 -------- d-----w- c:\program files\iPod
2011-05-12 10:53 . 2011-05-12 10:55 -------- d-----w- c:\program files\iTunes
2011-05-12 10:51 . 2011-05-12 10:51 -------- d-----w- c:\program files\Bonjour
2011-05-06 06:20 . 2011-05-06 06:20 -------- d-----w- c:\programdata\VistaCodecs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 09:58 . 2007-12-25 16:39 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-12-25 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-19 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-12-25 16:43 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-29 18:49 136176 ----atw- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 15:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 18:10 778240 ----a-w- c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 00:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-12-25 15:03 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-08-29 46080]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2007-06-15 304640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 19:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000Core.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221876131-514314933-443054876-1000UA.job
- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\0h3x3yti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - proxy.changeipaddress.org
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ImageShack® Toolbar: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} - %profile%\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IDM CC: [email protected] - c:\users\Andy\AppData\Roaming\IDM\idmmzcc3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 18:30
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1504)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Completion time: 2011-05-31 18:32:09
ComboFix-quarantined-files.txt 2011-05-31 08:32
ComboFix2.txt 2011-05-30 10:02
.
Pre-Run: 67,631,947,776 bytes free
Post-Run: 67,267,076,096 bytes free
.
- - End Of File - - 8EA902EA8113CBB7196D319E91DCDCDE
 
Hi,

The system seems to be running fine now, can't seem to find any issues now.
Very weird that I got infected, thought I was careful, but guess I wasn't enough.

Which would you recommend me to use, Avast or MSE ?

Anyways, thank you very much for your help!
 
I use Avast and have no issues. Avast and MSE are the top 2 choices of users on this forum.
 
You must log in or register to reply here.
Back
Top