Inactive Browser redirect issues - hijackthis log included


AtomBomb

My problem is with using the search bar in Firefox. I am running Windows 7 32-bit, btw, with NOD32 for antivirus (which finds nothing). For Google, some (not all) results lead to the wrong sites, mostly bad news search engines. Occasionally, when using the bar to search other sites (not wiki yet, though), it will redirect to an entirely different site instead of the results. I have not included a Malwarebytes log, as I updated it and ran it with no results. I am, however, including the other requested logs and also a HijackThis log. Any help would be more than appreciated.

GMER -

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 02:38:40
Windows 6.1.7600
Running: hzhvw9pp.exe; Driver: C:\Users\Atom\AppData\Local\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82805634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82805898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8286F8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8288F3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spmr.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E008000, 0x227A14, 0xE8000020]
.text USBPORT.SYS!DllUnload 8E5B6CA0 5 Bytes JMP 858D81D8
.text peauth.sys 96981C9D 28 Bytes JMP 5C6427C1
.text peauth.sys 96981CC1 28 Bytes JMP 5C6427C1

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[696] kernel32.dll!SetUnhandledExceptionFilter 75283162 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 76E25380 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 76E25F00 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!KiUserExceptionDispatcher 76E26448 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[972] ole32.dll!CoCreateInstance 75D957FC 5 Bytes JMP 0047000A
.text C:\Windows\system32\svchost.exe[972] USER32.dll!GetCursorPos 75C7C198 5 Bytes JMP 00A6000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!NtProtectVirtualMemory 76E25380 5 Bytes JMP 0028000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!NtWriteVirtualMemory 76E25F00 5 Bytes JMP 0029000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!KiUserExceptionDispatcher 76E26448 5 Bytes JMP 0027000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [83643ECE] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [83643F22] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8361690E] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83616F9C] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [836163E6] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83617178] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [836161D4] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 846667E0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8466E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\udfs \UdfsCdRom 84F2F1F8
Device \FileSystem\udfs \UdfsDisk 84F2F1F8
Device \Driver\volmgr \Device\VolMgrControl 846681F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B8613016-B79C-4973-9CA1-C3383E66786B} 858001F8
Device \Driver\usbuhci \Device\USBPDO-0 858D91F8
Device \Driver\usbuhci \Device\USBPDO-1 858D91F8
Device \Driver\usbuhci \Device\USBPDO-2 858D91F8
Device \Driver\usbuhci \Device\USBPDO-3 858D91F8
Device \Driver\usbehci \Device\USBPDO-4 85920470
Device \Driver\PCI_PNP7290 \Device\00000056 spmr.sys
Device \Driver\volmgr \Device\HarddiskVolume1 846681F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{9A398067-F41F-4C95-91BB-8F29F51DFC42} 858001F8
Device \Driver\cdrom \Device\CdRom0 8568B1F8
Device \Driver\cdrom \Device\CdRom1 8568B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort3 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort4 8466B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel3 8466C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858001F8
Device \Driver\sptd \Device\1990621293 spmr.sys
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 858D91F8
Device \Driver\usbuhci \Device\USBFDO-1 858D91F8
Device \Driver\usbuhci \Device\USBFDO-2 858D91F8
Device \Driver\usbuhci \Device\USBFDO-3 858D91F8
Device \Driver\usbehci \Device\USBFDO-4 85920470
Device \Driver\axtakl49 \Device\Scsi\axtakl491 859F11F8
Device \Driver\axtakl49 \Device\Scsi\axtakl491Port5Path0Target0Lun0 859F11F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85376EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xBE 0x1F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xB0 0xF8 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x81 0x7F 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x6B 0xDB 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xBE 0x1F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xB0 0xF8 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x81 0x7F 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x6B 0xDB 0x68 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
 

Attachment: dds attach.zip (3.8 KB)
DDS -

DDS (Ver_10-03-17.01) - NTFSx86
Run by Atom at 2:39:48.11 on Wed 09/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.406 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\AUDIODG.EXE
C:\Users\Atom\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\atom\appdata\roaming\mozilla\firefox\profiles\zw8qp9w5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\atom\appdata\roaming\mozilla\firefox\profiles\zw8qp9w5.default\extensions\coc@ble.pl\components\dwmxpcom.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

=============== Created Last 30 ================

2010-09-08 02:34:07 0 d-----w- c:\program files\Trend Micro
2010-09-07 16:58:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 04:47:33 0 d-----w- c:\users\atom\appdata\roaming\SUPERAntiSpyware.com
2010-09-07 04:47:33 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 04:47:25 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 04:47:05 0 d-----w- c:\users\atom\appdata\roaming\Malwarebytes
2010-09-07 04:46:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 04:46:53 0 d-----w- c:\programdata\Malwarebytes
2010-09-07 04:46:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 04:46:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 22:34:08 125275913 ----a-w- c:\windows\MEMORY.DMP
2010-09-06 01:25:54 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-09-05 18:18:15 0 d-----w- c:\programdata\Adobe
2010-09-05 16:05:27 0 d-----w- c:\programdata\Apple Computer
2010-09-05 16:03:43 0 d-----w- c:\programdata\Apple
2010-09-05 03:31:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-04 23:54:30 0 d-----w- c:\programdata\TEMP
2010-09-04 23:53:19 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-09-04 23:53:19 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-09-04 23:53:19 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-09-04 23:53:19 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-09-04 23:53:19 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-09-04 23:53:17 0 d-----w- c:\users\atom\appdata\roaming\Simply Super Software
2010-09-04 23:53:17 0 d-----w- c:\programdata\Simply Super Software
2010-09-04 23:53:17 0 d-----w- c:\program files\Trojan Remover
2010-09-02 14:08:58 0 d-----w- c:\windows\system32\appmgmt
2010-09-01 23:59:45 295922 ----a-w- c:\windows\system32\perfi007.dat
2010-09-01 23:59:43 651768 ----a-w- c:\windows\system32\perfh007.dat
2010-09-01 23:59:43 38104 ----a-w- c:\windows\system32\perfd007.dat
2010-09-01 23:59:43 129468 ----a-w- c:\windows\system32\perfc007.dat
2010-09-01 23:57:33 0 d-----w- c:\windows\de-DE
2010-09-01 23:57:13 0 d-----w- c:\windows\system32\XPSViewer
2010-09-01 23:57:13 0 d-----w- c:\windows\system32\0407
2010-09-01 23:57:12 0 d-----w- c:\windows\system32\drivers\de-DE
2010-09-01 23:57:08 0 d-----w- c:\windows\system32\de
2010-09-01 23:57:01 0 d-----w- c:\windows\system32\wbem\de-DE
2010-09-01 18:24:07 0 d-----w- c:\program files\Aspyr
2010-09-01 18:23:52 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-01 18:23:50 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-30 23:36:42 0 d-----w- c:\programdata\Electronic Arts
2010-08-30 23:35:32 0 d-----w- c:\program files\Microsoft WSE
2010-08-30 23:34:57 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-30 23:11:55 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-08-30 23:11:55 0 d-----w- c:\program files\DAEMON Tools Pro
2010-08-30 23:08:56 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-30 23:08:26 0 d-----w- c:\users\atom\appdata\roaming\DAEMON Tools Pro
2010-08-30 19:05:39 12625408 ----a-w- c:\windows\system32\wmploc.backup
2010-08-30 18:55:45 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-30 16:27:06 0 d-----w- c:\users\atom\appdata\roaming\Rainmeter
2010-08-30 16:26:08 0 d-----w- c:\program files\Rainmeter
2010-08-29 07:10:42 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-29 07:08:43 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-29 07:08:43 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-29 07:08:43 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-29 07:08:43 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-29 07:08:43 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-29 05:53:04 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-08-29 05:53:04 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-29 05:52:58 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-29 05:52:41 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-29 05:52:40 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-29 05:50:55 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-29 05:49:58 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-08-29 05:44:47 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-29 05:44:35 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-29 04:40:07 0 d-----w- c:\programdata\MillieSoft
2010-08-29 04:11:13 0 d-----w- c:\programdata\Sun
2010-08-29 04:10:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 02:45:19 0 d-----w- c:\users\atom\Phantasy Star
2010-08-29 02:42:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-08-29 02:41:58 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-29 02:24:46 0 d-----w- C:\dell
2010-08-29 00:45:54 0 d-----w- c:\programdata\ESET
2010-08-29 00:45:54 0 d-----w- c:\program files\ESET
2010-08-29 00:40:58 0 d-sh--w- c:\windows\Installer
2010-08-28 23:44:13 0 d-----w- c:\program files\uTorrent
2010-08-28 23:43:55 0 d-----w- c:\users\atom\appdata\roaming\uTorrent
2010-08-18 05:58:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-18 05:58:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-09-01 23:56:26 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2010-09-01 23:56:26 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2010-09-01 23:56:26 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2010-09-01 23:56:26 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2010-08-30 18:16:37 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-30 18:16:37 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-30 18:16:32 811520 ----a-w- c:\windows\system32\user32.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:40:56.08 ===============
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:44:51 AM, on 9/8/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 3144 bytes
 
Welcome to TechSpot! I will try to help you well enough that you don't blow up! I am checking the logs now. (Sorry, my humor doesn't work very well until I have my second cup of coffee. :))

When you say you ran Mbam with no results, do you mean that no malware was found or that you did not get the log?

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
You have some processes running that I would like you to stop while we are cleaning. It is possible they can affect the scans. It appears that you may have a rootkit, so we need to have the scans able to access all entries:

Daemon Tools (and any other similar tools, if running) > DeFogger CD Emulation

To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
    Link: http://download.bleepingcomputer.com/jpshortstuff/Defogger.exe
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
To restart when we have finished cleaning:
To enable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.

DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
=======================================
Please temporarily disable and/or take off of Startup:
The Cleaner 5
Trojan Remover

And either uninstall or don't use uTorrent while we are cleaning.
======================================
When you have handled the above:

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
 
ComboFix Report

ComboFix 10-09-07.03 - Atom 09/08/2010 12:24:18.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.509 [GMT -4:00]
Running from: c:\users\Atom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 16:31 . 2010-09-08 16:31 -------- d-----w- c:\users\Atom\AppData\Local\temp
2010-09-08 02:34 . 2010-09-08 02:34 388096 ----a-r- c:\users\Atom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 02:34 . 2010-09-08 02:34 -------- d-----w- c:\program files\Trend Micro
2010-09-07 17:05 . 2010-09-07 17:05 -------- d-----w- c:\users\Atom\AppData\Local\ElevatedDiagnostics
2010-09-07 16:58 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 04:47 . 2010-09-07 04:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 04:47 . 2010-09-07 04:47 -------- d-----w- c:\users\Atom\AppData\Roaming\Malwarebytes
2010-09-07 04:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 04:46 . 2010-09-07 04:46 -------- d-----w- c:\programdata\Malwarebytes
2010-09-07 04:46 . 2010-09-07 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 04:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 01:25 . 2008-03-18 22:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-09-05 18:20 . 2010-09-05 18:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-05 18:18 . 2010-09-05 18:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-05 18:17 . 2010-09-05 18:40 -------- d-----w- c:\users\Atom\AppData\Local\Adobe
2010-09-05 16:05 . 2010-09-05 16:06 -------- d-----w- c:\program files\QuickTime
2010-09-05 16:05 . 2010-09-05 16:05 -------- d-----w- c:\programdata\Apple Computer
2010-09-05 16:04 . 2010-09-05 16:04 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\users\Atom\AppData\Local\Apple
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\program files\Apple Software Update
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\programdata\Apple
2010-09-05 09:44 . 2010-09-05 09:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-09-05 09:44 . 2010-09-05 09:44 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-09-05 09:43 . 2010-09-05 09:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-09-04 23:53 . 2010-09-08 16:14 -------- d-----w- c:\program files\Trojan Remover
2010-09-01 23:59 . 2010-09-01 23:56 295922 ----a-w- c:\windows\system32\perfi007.dat
2010-09-01 23:59 . 2010-09-08 16:30 651768 ----a-w- c:\windows\system32\perfh007.dat
2010-09-01 23:59 . 2010-09-08 16:30 129468 ----a-w- c:\windows\system32\perfc007.dat
2010-09-01 23:59 . 2010-09-01 23:56 38104 ----a-w- c:\windows\system32\perfd007.dat
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\de-DE
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\0407
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\drivers\de-DE
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\de
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\wbem\de-DE
2010-09-01 23:56 . 2010-09-01 23:56 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\de-DE
2010-09-01 18:37 . 2010-09-01 18:37 -------- d-----w- c:\users\Atom\AppData\Local\Aspyr
2010-09-01 18:24 . 2010-09-01 18:24 -------- d-----w- c:\program files\Aspyr
2010-09-01 18:23 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-01 18:23 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-30 23:54 . 2010-09-02 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 23:36 . 2010-08-30 23:36 -------- d-----w- c:\programdata\Electronic Arts
2010-08-30 23:35 . 2010-08-30 23:35 10134 ----a-r- c:\users\Atom\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-30 23:35 . 2010-08-30 23:35 -------- d-----w- c:\program files\Microsoft WSE
2010-08-30 23:34 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-30 23:25 . 2010-09-02 17:32 -------- d-----w- c:\program files\Electronic Arts
2010-08-30 23:11 . 2010-08-30 23:17 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-08-30 23:11 . 2010-08-30 23:11 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-08-30 23:08 . 2010-08-30 23:16 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-30 23:08 . 2010-08-30 23:23 -------- d-----w- c:\users\Atom\AppData\Roaming\DAEMON Tools Pro
2010-08-30 23:08 . 2010-08-30 23:08 -------- d-----w- c:\users\Atom\AppData\Local\ESET
2010-08-30 18:57 . 2010-08-30 18:57 -------- d-----w- c:\program files\Microsoft.NET
2010-08-30 18:55 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-30 16:27 . 2010-08-30 16:33 -------- d-----w- c:\users\Atom\AppData\Roaming\Rainmeter
2010-08-30 16:26 . 2010-08-30 16:27 -------- d-----w- c:\program files\Rainmeter
2010-08-29 08:27 . 2010-08-29 08:27 -------- d-----w- c:\windows\Sun
2010-08-29 07:35 . 2010-08-29 07:35 57560 ----a-w- c:\users\Atom\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 07:10 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-29 07:08 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-29 07:08 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-29 07:08 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-29 07:08 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-29 07:08 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-29 05:53 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-08-29 05:53 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-29 05:52 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-29 05:52 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-29 05:52 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-29 05:50 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-29 05:49 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-08-29 05:44 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-29 05:44 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-29 04:40 . 2010-08-29 04:40 -------- d-----w- c:\programdata\MillieSoft
2010-08-29 04:11 . 2010-08-29 04:11 -------- d-----w- c:\program files\Common Files\Java
2010-08-29 04:10 . 2010-08-29 04:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 04:10 . 2010-08-29 04:10 -------- d-----w- c:\program files\Java
2010-08-29 02:45 . 2010-08-29 02:45 -------- d-----w- c:\users\Atom\Phantasy Star
2010-08-29 02:41 . 2010-08-29 02:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-29 02:24 . 2010-08-29 02:24 -------- d-----w- C:\dell
2010-08-29 02:20 . 2010-08-30 23:35 -------- d-----w- c:\users\Atom\AppData\Local\Microsoft Games
2010-08-29 01:05 . 2009-02-17 03:12 53248 ----a-w- c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\extensions\coc@ble.pl\components\dwmxpcom.dll
2010-08-29 00:45 . 2010-08-29 00:45 -------- d-----w- c:\program files\ESET
2010-08-29 00:40 . 2010-09-08 02:34 -------- d-sh--w- c:\windows\Installer
2010-08-29 00:03 . 2010-08-29 00:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-08-29 00:03 . 2010-08-29 00:03 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-28 23:44 . 2010-08-29 07:16 -------- d-----w- c:\program files\uTorrent
2010-08-28 23:43 . 2010-09-08 16:15 -------- d-----w- c:\users\Atom\AppData\Roaming\uTorrent
2010-08-18 05:58 . 2010-08-18 05:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-18 05:58 . 2010-08-18 05:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 03:31 . 2010-09-05 03:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-09-01 23:57 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-01 23:57 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-09-01 23:56 . 2010-09-01 23:57 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat
2010-09-01 23:56 . 2010-09-01 23:57 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat
2010-09-01 23:56 . 2010-09-01 23:57 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat
2010-09-01 23:56 . 2010-09-01 23:57 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat
2010-08-30 18:16 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-30 18:16 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-30 18:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-29 02:42 . 2010-08-29 02:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-08-29 00:04 . 2010-08-29 00:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-08-29 00:04 . 2010-08-29 00:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-29 06:30 . 2010-08-29 05:51 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-29 05:51 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25 . 2010-08-29 05:50 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-29 05:50 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-29 05:50 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-29 05:50 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-29 05:50 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-29 05:51 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-29 05:49 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-29 05:49 224256 ----a-w- c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-30 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-30 697328]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\extensions\coc@ble.pl\components\dwmxpcom.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-08 12:34:44
ComboFix-quarantined-files.txt 2010-09-08 16:34

Pre-Run: 35,322,216,448 bytes free
Post-Run: 35,228,372,992 bytes free

- - End Of File - - 8A85AACC0C07ECF3DD11A9C23E5D66B4
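As an added example that is not part of the original thread: a PowerShell script (the shell such a check would actually be typed into on this Windows 7 machine) that independently re-checks two findings in the ComboFix report above, the Sigcheck line on user32.dll and the UAC policy values under Reg Loading Points. The file paths and the MD5 value are copied from the log; the comparison against the copies in the WinSxS component store and the Windows 7 default UAC values are this example's own assumptions, not something ComboFix does or the helper asked for.

```powershell
# Added example, not from the thread: re-check two of the ComboFix findings above
# with built-in PowerShell (written to run on Windows 7 / PowerShell 2.0).
#   1. Sigcheck flagged c:\windows\System32\user32.dll with MD5
#      7BD7F45FF37FA0669CD32CA0EF46E22C. Windows keeps every serviced version of a
#      system file under WinSxS, so a live file whose hash matches none of those
#      copies was altered outside of Windows servicing.
#   2. "Reg Loading Points" shows EnableLUA=0, i.e. UAC is switched off.
# Assumptions: paths and the MD5 come from the posted log; the WinSxS comparison
# and the default UAC values are this example's own, not ComboFix's.

$flagged = @{
    'C:\Windows\System32\user32.dll'      = '7BD7F45FF37FA0669CD32CA0EF46E22C'  # hash printed by ComboFix
    'C:\Windows\System32\drivers\pci.sys' = $null   # "disinfected" by ComboFix, no hash printed
}

function Get-Md5Hex([string]$Path) {
    # MD5 via .NET so this runs on PowerShell 2.0 (Get-FileHash only exists from PS 4).
    # MD5 is used only because that is what ComboFix prints; it is a match key, not a security control.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $fs.Close() }
}

# Index the component store once: file name -> list of (path, hash).
# One slow walk of WinSxS, but it only happens once.
$names = @($flagged.Keys | ForEach-Object { [System.IO.Path]::GetFileName($_) })
$store = @{}
Get-ChildItem 'C:\Windows\winsxs' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($names -contains $_.Name) } |
    ForEach-Object {
        if (-not $store.ContainsKey($_.Name)) { $store[$_.Name] = @() }
        $store[$_.Name] += ,@($_.FullName, (Get-Md5Hex $_.FullName))
    }

foreach ($path in $flagged.Keys) {
    $name = [System.IO.Path]::GetFileName($path)
    $live = Get-Md5Hex $path
    Write-Host "`n== $path"
    Write-Host "   live MD5     : $live"
    if ($flagged[$path]) {
        Write-Host ("   = log hash   : {0}" -f ($live -eq $flagged[$path]))
    }
    $match = $null
    if ($store.ContainsKey($name)) {
        foreach ($entry in $store[$name]) { if ($entry[1] -eq $live) { $match = $entry[0]; break } }
    }
    if ($match) { Write-Host "   WinSxS copy  : $match" }
    else        { Write-Host "   WinSxS copy  : NONE - live file matches no serviced version; treat as modified" }

    # Caveat: on Windows 7 / PS 2.0 Get-AuthenticodeSignature does not consult
    # security catalogs, so catalog-signed system files show 'NotSigned' even when
    # clean. Only 'HashMismatch' or a non-Microsoft signer is evidence here.
    $sig = Get-AuthenticodeSignature $path
    Write-Host "   Authenticode : $($sig.Status)"
}

# UAC policy values from the log. Windows 7 defaults (assumed here): EnableLUA=1,
# ConsentPromptBehaviorAdmin=5, ConsentPromptBehaviorUser=3, PromptOnSecureDesktop=1.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac | Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, PromptOnSecureDesktop | Format-List
```

Read the output the same way ComboFix's Sigcheck is read: a live file that equals one of the WinSxS copies is simply a serviced version, while one that equals none of them (and, on this box, whose date moved on 2010-08-30 together with slwga.dll and systemcpl.dll in the Find3M section) has been replaced by something other than Windows Update and should be restored from a known-good copy rather than trusted. The UAC values are worth restoring to their defaults once cleaning is done, since EnableLUA=0 lets any process the user runs write to System32 and the HKLM Run keys shown in the log without a prompt.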
 
Please uninstall, disable or stop using the following while I am helping you:
2010-08-28 23:43 .- c:\users\Atom\AppData\Roaming\uTorrent

Can you help me out with this please: on 9/1/2010, you have several entries ending in de-DE: Examples:
c:\windows\de-DE
c:\windows\system32\de
and others

I find Dede games and know the Country Code for Germany is DE. Can you tell me what these are for?

I will have some script set up for you to run through Combofix when I get that information.
 
Umm, well, I really don't want to say this, but I did torrent Sims 3, which means it might be the German release but in English. Otherwise I don't know what it is.
 
Also, I have disabled uTorrent and thought that I had; if there are more issues involving it, I will be more than happy to uninstall it. I will say that I have checked after running ComboFix and the problem has stopped, but I would like to make sure that it is permanent and not just essentially hiding.
 
Please run this Custom CFScript


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\perfi007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\perfc007.dat
c:\windows\system32\perfd007.dat
c:\windows\MEMORY.DMP
c:\windows\System32\user32.dll

Folder::
c:\windows\de-DE
c:\windows\system32\0407
c:\windows\system32\drivers\de-DE
c:\windows\system32\de
c:\windows\system32\wbem\de-DE
c:\windows\system32\Spool\prtprocs\w32x86\de-DE

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
(image: CFScriptB-4.gif)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into your next reply.
===========================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=================================
Why I recommend that you uninstall uTorrent
P2P or 'file sharing' Warning:
Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
ComboFix 10-09-08.03 - Atom 09/09/2010 12:26:03.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.352 [GMT -4:00]
Running from: c:\users\Atom\Desktop\ComboFix.exe
Command switches used :: c:\users\Atom\Desktop\cfscript.txt

FILE ::
"c:\windows\MEMORY.DMP"
"c:\windows\system32\perfc007.dat"
"c:\windows\system32\perfd007.dat"
"c:\windows\system32\perfh007.dat"
"c:\windows\system32\perfi007.dat"
"c:\windows\System32\user32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\de-DE
c:\windows\de-DE\bfsvc.exe.mui
c:\windows\de-DE\bootfix.bin
c:\windows\de-DE\explorer.exe.mui
c:\windows\de-DE\fveupdate.exe.mui
c:\windows\de-DE\helppane.exe.mui
c:\windows\de-DE\hh.exe.mui
c:\windows\de-DE\notepad.exe.mui
c:\windows\de-DE\regedit.exe.mui
c:\windows\de-DE\twain_32.dll.mui
c:\windows\de-DE\winhlp32.exe.mui
c:\windows\MEMORY.DMP
c:\windows\system32\de
c:\windows\system32\de\AuthFWSnapIn.Resources.dll
c:\windows\system32\de\AuthFWWizFwk.Resources.dll
c:\windows\system32\de\Narrator.resources.dll
c:\windows\system32\drivers\de-DE
c:\windows\system32\drivers\de-DE\1394ohci.sys.mui
c:\windows\system32\drivers\de-DE\acpi.sys.mui
c:\windows\system32\drivers\de-DE\afd.sys.mui
c:\windows\system32\drivers\de-DE\AGP440.sys.mui
c:\windows\system32\drivers\de-DE\AMDAGP.SYS.mui
c:\windows\system32\drivers\de-DE\amdide.sys.mui
c:\windows\system32\drivers\de-DE\amdk8.sys.mui
c:\windows\system32\drivers\de-DE\amdppm.sys.mui
c:\windows\system32\drivers\de-DE\ataport.sys.mui
c:\windows\system32\drivers\de-DE\atikmdag.sys.mui
c:\windows\system32\drivers\de-DE\b57nd60x.sys.mui
c:\windows\system32\drivers\de-DE\battc.sys.mui
c:\windows\system32\drivers\de-DE\bcm4sbxp.sys.mui
c:\windows\system32\drivers\de-DE\bfe.dll.mui
c:\windows\system32\drivers\de-DE\BrParwdm.sys.mui
c:\windows\system32\drivers\de-DE\BrSerIb.sys.mui
c:\windows\system32\drivers\de-DE\BrSerId.sys.mui
c:\windows\system32\drivers\de-DE\bthenum.sys.mui
c:\windows\system32\drivers\de-DE\bthpan.sys.mui
c:\windows\system32\drivers\de-DE\bthport.sys.mui
c:\windows\system32\drivers\de-DE\BTHUSB.SYS.mui
c:\windows\system32\drivers\de-DE\cdrom.sys.mui
c:\windows\system32\drivers\de-DE\disk.sys.mui
c:\windows\system32\drivers\de-DE\Dot4usb.sys.mui
c:\windows\system32\drivers\de-DE\e100b325.sys.mui
c:\windows\system32\drivers\de-DE\e1e6032.sys.mui
c:\windows\system32\drivers\de-DE\E1G60I32.sys.mui
c:\windows\system32\drivers\de-DE\e1k6032.sys.mui
c:\windows\system32\drivers\de-DE\e1q6032.sys.mui
c:\windows\system32\drivers\de-DE\e1y6032.sys.mui
c:\windows\system32\drivers\de-DE\fltmgr.sys.mui
c:\windows\system32\drivers\de-DE\fvevol.sys.mui
c:\windows\system32\drivers\de-DE\GAGP30KX.SYS.mui
c:\windows\system32\drivers\de-DE\getn62.sys.mui
c:\windows\system32\drivers\de-DE\hdaudbus.sys.mui
c:\windows\system32\drivers\de-DE\HdAudio.sys.mui
c:\windows\system32\drivers\de-DE\hidbth.sys.mui
c:\windows\system32\drivers\de-DE\http.sys.mui
c:\windows\system32\drivers\de-DE\i8042prt.sys.mui
c:\windows\system32\drivers\de-DE\intelppm.sys.mui
c:\windows\system32\drivers\de-DE\IPMIDrv.sys.mui
c:\windows\system32\drivers\de-DE\ipnat.sys.mui
c:\windows\system32\drivers\de-DE\isapnp.sys.mui
c:\windows\system32\drivers\de-DE\k57nd60x.sys.mui
c:\windows\system32\drivers\de-DE\kbdclass.sys.mui
c:\windows\system32\drivers\de-DE\kbdhid.sys.mui
c:\windows\system32\drivers\de-DE\ltmdmnt.sys.mui
c:\windows\system32\drivers\de-DE\luafv.sys.mui
c:\windows\system32\drivers\de-DE\modem.sys.mui
c:\windows\system32\drivers\de-DE\mouclass.sys.mui
c:\windows\system32\drivers\de-DE\mouhid.sys.mui
c:\windows\system32\drivers\de-DE\mountmgr.sys.mui
c:\windows\system32\drivers\de-DE\mpio.sys.mui
c:\windows\system32\drivers\de-DE\msdsm.sys.mui
c:\windows\system32\drivers\de-DE\mssmbios.sys.mui
c:\windows\system32\drivers\de-DE\MTConfig.sys.mui
c:\windows\system32\drivers\de-DE\ndis.sys.mui
c:\windows\system32\drivers\de-DE\ndiscap.sys.mui
c:\windows\system32\drivers\de-DE\ndisuio.sys.mui
c:\windows\system32\drivers\de-DE\ntfs.sys.mui
c:\windows\system32\drivers\de-DE\NV_AGP.SYS.mui
c:\windows\system32\drivers\de-DE\nwifi.sys.mui
c:\windows\system32\drivers\de-DE\ohci1394.sys.mui
c:\windows\system32\drivers\de-DE\pacer.sys.mui
c:\windows\system32\drivers\de-DE\parport.sys.mui
c:\windows\system32\drivers\de-DE\partmgr.sys.mui
c:\windows\system32\drivers\de-DE\parvdm.sys.mui
c:\windows\system32\drivers\de-DE\pci.sys.mui
c:\windows\system32\drivers\de-DE\pcmcia.sys.mui
c:\windows\system32\drivers\de-DE\pnpmem.sys.mui
c:\windows\system32\drivers\de-DE\portcls.sys.mui
c:\windows\system32\drivers\de-DE\processr.sys.mui
c:\windows\system32\drivers\de-DE\pscr.sys.mui
c:\windows\system32\drivers\de-DE\qwavedrv.sys.mui
c:\windows\system32\drivers\de-DE\rdbss.sys.mui
c:\windows\system32\drivers\de-DE\RNDISMP.sys.mui
c:\windows\system32\drivers\de-DE\rndismp6.sys.mui
c:\windows\system32\drivers\de-DE\rndismpx.sys.mui
c:\windows\system32\drivers\de-DE\scfilter.sys.mui
c:\windows\system32\drivers\de-DE\scsiport.sys.mui
c:\windows\system32\drivers\de-DE\serial.sys.mui
c:\windows\system32\drivers\de-DE\sermouse.sys.mui
c:\windows\system32\drivers\de-DE\serscan.sys.mui
c:\windows\system32\drivers\de-DE\SISAGP.SYS.mui
c:\windows\system32\drivers\de-DE\srv.sys.mui
c:\windows\system32\drivers\de-DE\tcpip.sys.mui
c:\windows\system32\drivers\de-DE\tpm.sys.mui
c:\windows\system32\drivers\de-DE\tunnel.sys.mui
c:\windows\system32\drivers\de-DE\UAGP35.SYS.mui
c:\windows\system32\drivers\de-DE\ULIAGPKX.SYS.mui
c:\windows\system32\drivers\de-DE\umbus.sys.mui
c:\windows\system32\drivers\de-DE\usbhub.sys.mui
c:\windows\system32\drivers\de-DE\usbport.sys.mui
c:\windows\system32\drivers\de-DE\usbrpm.sys.mui
c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
c:\windows\system32\drivers\de-DE\vhdmp.sys.mui
c:\windows\system32\drivers\de-DE\VIAAGP.SYS.mui
c:\windows\system32\drivers\de-DE\viac7.sys.mui
c:\windows\system32\drivers\de-DE\volmgrx.sys.mui
c:\windows\system32\drivers\de-DE\volsnap.sys.mui
c:\windows\system32\drivers\de-DE\vwifibus.sys.mui
c:\windows\system32\drivers\de-DE\wacompen.sys.mui
c:\windows\system32\drivers\de-DE\wd.sys.mui
c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
c:\windows\system32\drivers\de-DE\ws2ifsl.sys.mui
c:\windows\system32\drivers\de-DE\yk62x86.sys.mui
c:\windows\system32\perfc007.dat
c:\windows\system32\perfd007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\perfi007.dat
c:\windows\system32\Spool\prtprocs\w32x86\de-DE
c:\windows\system32\Spool\prtprocs\w32x86\de-DE\LXKPTPRC.DLL.mui
c:\windows\system32\wbem\de-DE
c:\windows\system32\wbem\de-DE\aaclient.mfl
c:\windows\system32\wbem\de-DE\auxiliarydisplaycpl.mfl
c:\windows\system32\wbem\de-DE\cimdmtf.mfl
c:\windows\system32\wbem\de-DE\cimwin32.dll.mui
c:\windows\system32\wbem\de-DE\cimwin32.mfl
c:\windows\system32\wbem\de-DE\cli.mfl
c:\windows\system32\wbem\de-DE\cliegaliases.mfl
c:\windows\system32\wbem\de-DE\csv.xsl
c:\windows\system32\wbem\de-DE\dsprov.mfl
c:\windows\system32\wbem\de-DE\filetrace.mfl
c:\windows\system32\wbem\de-DE\hbaapi.mfl
c:\windows\system32\wbem\de-DE\hform.xsl
c:\windows\system32\wbem\de-DE\htable.xsl
c:\windows\system32\wbem\de-DE\interop.mfl
c:\windows\system32\wbem\de-DE\irmon.mfl
c:\windows\system32\wbem\de-DE\iscsidsc.mfl
c:\windows\system32\wbem\de-DE\iscsiprf.mfl
c:\windows\system32\wbem\de-DE\KrnlProv.dll.mui
c:\windows\system32\wbem\de-DE\krnlprov.mfl
c:\windows\system32\wbem\de-DE\l2gpstore.mfl
c:\windows\system32\wbem\de-DE\Microsoft-Windows-OfflineFiles.mfl
c:\windows\system32\wbem\de-DE\MMFUtil.dll.mui
c:\windows\system32\wbem\de-DE\mof.xsl
c:\windows\system32\wbem\de-DE\mofcomp.exe.mui
c:\windows\system32\wbem\de-DE\mofd.dll.mui
c:\windows\system32\wbem\de-DE\msfeeds.mfl
c:\windows\system32\wbem\de-DE\msfeedsbs.mfl
c:\windows\system32\wbem\de-DE\msi.mfl
c:\windows\system32\wbem\de-DE\mstsc.mfl
c:\windows\system32\wbem\de-DE\mstscax.mfl
c:\windows\system32\wbem\de-DE\NCProv.dll.mui
c:\windows\system32\wbem\de-DE\ncprov.mfl
c:\windows\system32\wbem\de-DE\ntevt.dll.mui
c:\windows\system32\wbem\de-DE\ntevt.mfl
c:\windows\system32\wbem\de-DE\OfflineFilesWmiProvider.mfl
c:\windows\system32\wbem\de-DE\OfflineFilesWmiProvider_Uninstall.mfl
c:\windows\system32\wbem\de-DE\p2p-collab.mfl
c:\windows\system32\wbem\de-DE\p2p-mesh.mfl
c:\windows\system32\wbem\de-DE\p2p-pnrp.mfl
c:\windows\system32\wbem\de-DE\PolicMan.mfl
c:\windows\system32\wbem\de-DE\polproc.mfl

.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-09 16:32 . 2010-09-09 16:32 -------- d-----w- c:\users\Atom\AppData\Local\temp
2010-09-09 16:32 . 2010-09-09 16:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-09 16:32 . 2010-09-09 16:32 -------- d-----w- c:\users\Mcx1-GIR2\AppData\Local\temp
2010-09-09 16:32 . 2010-09-09 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-08 02:34 . 2010-09-08 02:34 388096 ----a-r- c:\users\Atom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-08 02:34 . 2010-09-08 02:34 -------- d-----w- c:\program files\Trend Micro
2010-09-07 17:05 . 2010-09-07 17:05 -------- d-----w- c:\users\Atom\AppData\Local\ElevatedDiagnostics
2010-09-07 16:58 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 04:47 . 2010-09-07 04:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 04:47 . 2010-09-07 04:47 -------- d-----w- c:\users\Atom\AppData\Roaming\Malwarebytes
2010-09-07 04:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 04:46 . 2010-09-07 04:46 -------- d-----w- c:\programdata\Malwarebytes
2010-09-07 04:46 . 2010-09-07 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 04:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 01:25 . 2008-03-18 22:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-09-05 18:20 . 2010-09-05 18:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-05 18:18 . 2010-09-05 18:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-05 18:17 . 2010-09-05 18:40 -------- d-----w- c:\users\Atom\AppData\Local\Adobe
2010-09-05 16:05 . 2010-09-05 16:06 -------- d-----w- c:\program files\QuickTime
2010-09-05 16:05 . 2010-09-05 16:05 -------- d-----w- c:\programdata\Apple Computer
2010-09-05 16:04 . 2010-09-05 16:04 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\users\Atom\AppData\Local\Apple
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\program files\Apple Software Update
2010-09-05 16:03 . 2010-09-05 16:03 -------- d-----w- c:\programdata\Apple
2010-09-05 09:44 . 2010-09-05 09:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-09-05 09:44 . 2010-09-05 09:44 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-09-05 09:43 . 2010-09-05 09:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-09-04 23:53 . 2010-09-08 16:14 -------- d-----w- c:\program files\Trojan Remover
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-01 23:57 . 2010-09-01 23:57 -------- d-----w- c:\windows\system32\0407
2010-09-01 18:37 . 2010-09-01 18:37 -------- d-----w- c:\users\Atom\AppData\Local\Aspyr
2010-09-01 18:24 . 2010-09-01 18:24 -------- d-----w- c:\program files\Aspyr
2010-09-01 18:23 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-01 18:23 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-08-30 23:54 . 2010-09-02 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 23:36 . 2010-08-30 23:36 -------- d-----w- c:\programdata\Electronic Arts
2010-08-30 23:35 . 2010-08-30 23:35 10134 ----a-r- c:\users\Atom\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-08-30 23:35 . 2010-08-30 23:35 -------- d-----w- c:\program files\Microsoft WSE
2010-08-30 23:34 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-30 23:25 . 2010-09-02 17:32 -------- d-----w- c:\program files\Electronic Arts
2010-08-30 23:11 . 2010-08-30 23:17 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-08-30 23:11 . 2010-08-30 23:11 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-08-30 23:08 . 2010-08-30 23:16 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-30 23:08 . 2010-08-30 23:23 -------- d-----w- c:\users\Atom\AppData\Roaming\DAEMON Tools Pro
2010-08-30 23:08 . 2010-08-30 23:08 -------- d-----w- c:\users\Atom\AppData\Local\ESET
2010-08-30 18:57 . 2010-08-30 18:57 -------- d-----w- c:\program files\Microsoft.NET
2010-08-30 18:55 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-30 16:27 . 2010-08-30 16:33 -------- d-----w- c:\users\Atom\AppData\Roaming\Rainmeter
2010-08-30 16:26 . 2010-08-30 16:27 -------- d-----w- c:\program files\Rainmeter
2010-08-29 08:27 . 2010-08-29 08:27 -------- d-----w- c:\windows\Sun
2010-08-29 07:35 . 2010-08-29 07:35 57560 ----a-w- c:\users\Atom\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 07:10 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-29 07:08 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-29 07:08 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-29 07:08 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-29 07:08 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-29 07:08 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-29 05:53 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-08-29 05:53 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-29 05:52 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-29 05:52 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-29 05:52 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-29 05:50 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-29 05:49 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-08-29 05:44 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-29 05:44 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-29 04:40 . 2010-08-29 04:40 -------- d-----w- c:\programdata\MillieSoft
2010-08-29 04:11 . 2010-08-29 04:11 -------- d-----w- c:\program files\Common Files\Java
2010-08-29 04:10 . 2010-08-29 04:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 04:10 . 2010-08-29 04:10 -------- d-----w- c:\program files\Java
2010-08-29 02:45 . 2010-08-29 02:45 -------- d-----w- c:\users\Atom\Phantasy Star
2010-08-29 02:41 . 2010-08-29 02:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-29 02:24 . 2010-08-29 02:24 -------- d-----w- C:\dell
2010-08-29 02:20 . 2010-08-30 23:35 -------- d-----w- c:\users\Atom\AppData\Local\Microsoft Games
2010-08-29 01:05 . 2009-02-17 03:12 53248 ----a-w- c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\extensions\coc@ble.pl\components\dwmxpcom.dll
2010-08-29 00:45 . 2010-08-29 00:45 -------- d-----w- c:\program files\ESET
2010-08-29 00:40 . 2010-09-08 02:34 -------- d-sh--w- c:\windows\Installer
2010-08-29 00:03 . 2010-08-29 00:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-08-29 00:03 . 2010-08-29 00:03 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-28 23:44 . 2010-08-29 07:16 -------- d-----w- c:\program files\uTorrent
2010-08-28 23:43 . 2010-09-08 17:01 -------- d-----w- c:\users\Atom\AppData\Roaming\uTorrent
2010-08-18 05:58 . 2010-08-18 05:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-18 05:58 . 2010-08-18 05:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 03:31 . 2010-09-05 03:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-09-01 23:57 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-01 23:57 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-09-01 23:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-09-01 23:56 . 2010-09-01 23:57 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat
2010-09-01 23:56 . 2010-09-01 23:57 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat
2010-09-01 23:56 . 2010-09-01 23:57 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat
2010-09-01 23:56 . 2010-09-01 23:57 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat
2010-08-30 18:16 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-30 18:16 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-30 18:16 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-29 02:42 . 2010-08-29 02:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-08-29 00:04 . 2010-08-29 00:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-08-29 00:04 . 2010-08-29 00:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-29 06:30 . 2010-08-29 05:51 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-29 05:51 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25 . 2010-08-29 05:50 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-29 05:50 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-29 05:50 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-29 05:50 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-29 05:50 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-29 05:51 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-29 05:49 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-29 05:49 224256 ----a-w- c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-30 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-08_16.31.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-29 02:10 . 2010-09-09 16:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-29 02:10 . 2010-09-08 16:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-29 02:10 . 2010-09-09 16:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-08-29 02:10 . 2010-09-08 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-08-29 02:10 . 2010-09-09 16:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-08-29 02:10 . 2010-09-08 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-08-28 23:45 . 2010-09-08 16:26 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-28 23:45 . 2010-09-09 16:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-09-08 16:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-08 07:28 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-29 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-30 697328]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Atom\AppData\Roaming\Mozilla\Firefox\Profiles\zw8qp9w5.default\extensions\coc@ble.pl\components\dwmxpcom.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Completion time: 2010-09-09 12:36:18
ComboFix-quarantined-files.txt 2010-09-09 16:36
ComboFix2.txt 2010-09-08 16:34

Pre-Run: 33,045,364,736 bytes free
Post-Run: 33,000,157,184 bytes free

- - End Of File - - 5B94B48AFC621A3F378EC70AD45F659A
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7175a32ff538d84085e8267a7acb0a95
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-09 07:13:29
# local_time=2010-09-09 03:13:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 35602923 0 0
# compatibility_mode=8199 23494077 100 100 0 28893146 0 0
# scanned=78942
# found=0
# cleaned=0
# scan_time=1477
# nod_component=V3 Build:0x30000000
 
Multilingual User Interface File: MUI: do you have an operating system both in English and in German?
The MUI allows the Windows interface to be changed to different languages.

Or did you enable the additional language pack in German in Windows 7 by selecting Control Panel → Clock, Language, and Region → Change display language → Keyboards and Languages and clicking the Install/uninstall languages... button?
 
Yeah, I have been working on making this a multi-language machine as it is sometimes a public computer.
 
multi-language machine as it is sometimes a public computer.

Please explain 'public computer.'

My question:
Can you help me out with this please: on 9/1/2010, you have several entries ending in de-DE: Examples:
c:\windows\de-DE
c:\windows\system32\de
and others
I find Dede games and know the Country Code for Germany is DE. Can you tell me what these are for?

Your reply:
I really don't want to say this, but I did torrent Sims 3, which means it might be the German release but in English. Otherwise I don't know what it is.

I asked you about the de-DE entry. That would have been the time to tell me about the multi-language setup. You did not, so I moved the German drivers. Please see if you can reset the German drivers. If you can't, I'm going to have to restore them all:
How do I select, or change, a user interface language? See Regional and Language Options overview
Select the appropriate menus and dialogs language from the Regional Options applet in Control Panel. The menus and dialogs drop-down list will display all the installed languages. Note that the user interface language is a per-user setting.
 
I'm fine, I was able to reinstall the drivers myself. Thanks for all of your help though; the computer is running great now.
 
Reviewing the script I wrote for you to run in ComboFix, I see I put one entry in the wrong category. Please just run this CFScript again.

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad and copy/paste the text in the code below into it:
Code:
File::
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Scan with HijackThis once more and if there are no entries to be removed, I'll have you remove the cleaning tools.
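As an added verification step (example code of my own, not part of this thread or of ComboFix), the following PowerShell script, assumed to be run from an elevated prompt on the Windows 7 machine above, inventories every copy of atapi.sys under the Windows directory, hashes each one, and flags the live driver in System32\drivers if it matches none of the other copies. The driver name and the use of the other on-disk copies (WinSxS) as the reference are assumptions.

```powershell
# Added example, not from the thread: inventory every copy of a driver file under
# %SystemRoot%, hash each copy, and flag a live driver that matches no other copy.
# Assumed: PowerShell 2.0 or later (ships with Windows 7), elevated prompt.
param(
    [string]$DriverName = 'atapi.sys',      # assumption: the driver the CFScript replaces
    [string]$Root       = $env:SystemRoot
)

$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-Sha256Hex([string]$Path) {
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# Enumerate all copies; access-denied errors in protected folders are skipped.
# Note: catalog-signed Microsoft drivers can report NotSigned on older PowerShell,
# so the hash comparison, not the signature column, is the reliable part here.
$copies = Get-ChildItem -Path $Root -Filter $DriverName -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Sha256    = Get-Sha256Hex $_.FullName
            Signature = (Get-AuthenticodeSignature $_.FullName).Status
        }
    }

$livePath = Join-Path $Root "System32\drivers\$DriverName"
$live     = $copies | Where-Object { $_.Path -ieq $livePath }

# Group copies by content so identical files (WinSxS, drivers, backups) line up.
$groups = $copies | Group-Object Sha256 | Sort-Object Count -Descending
foreach ($g in $groups) {
    Write-Host ("`nSHA-256 {0}  ({1} copies)" -f $g.Name, $g.Count)
    $g.Group | ForEach-Object {
        Write-Host ("   {0,9} bytes  {1,-10} {2}" -f $_.SizeBytes, $_.Signature, $_.Path)
    }
}

if (-not $live) {
    Write-Warning "No live $DriverName found at $livePath."
} elseif (@($copies | Where-Object { $_.Sha256 -eq $live.Sha256 }).Count -eq 1) {
    Write-Warning "The live $DriverName matches no other copy under $Root; compare it against a known-good copy before trusting it."
} else {
    Write-Host "`nThe live $DriverName matches at least one other on-disk copy."
}
```

Run it once before and once after the CFScript so the two listings show whether the FCopy actually changed the live driver's hash.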
 