Solved Bad Image Error when anything and everything runs

[ericd8027]

From everything I can see, I have the same issue that was resolved in this forum: https://www.techspot.com/vb/topic160740.html

Here are my logs:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5889

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

2/26/2011 11:01:53 PM
mbam-log-2011-02-26 (23-01-53).txt

Scan type: Quick scan
Objects scanned: 162655
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------------
GMER:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-27 08:09:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: zy19m40e.exe; Driver: C:\Users\Eric\AppData\Local\Temp\uwldapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C0588DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-----------------------------------------------------------------------------------------------------

DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Eric at 8:31:36.62 on Sun 02/27/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.990 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\AsusService.exe
C:\Program Files\asus\TouchSuite\AsusUacSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\asus\MailServer\MailServerWatchDog.exe
C:\Program Files\asus\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\asus\Eee Docking Touch\Eee Docking Touch.exe
C:\Windows\AsScrPro.exe
C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\asus\LivCam\LivCam.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\asus\MailServer\MailServer.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\Eric\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\ctfmon.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Eric\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Start Memos] c:\program files\asus\memos\StartMemos.exe
uRun: [Google Update] "c:\users\eric\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
uRun: [RadioSure] c:\users\eric\appdata\local\radiosure\RadioSure.exe /hidden
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [MailServerWatchDog] c:\program files\asus\mailserver\MailServerWatchDog.exe
mRun: [ASUS WebStorage] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Eee Docking Touch] c:\program files\asus\eee docking touch\Eee Docking Touch.exe autorun
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [TouchHomeKey] c:\program files\asus\touchhomekey\TouchHomeKey.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [PenWrite] c:\program files\asus\penwrite\PenWrite.exe AutoRun
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\shelltraydll.dll c:\progra~1\google\google~4\GO36F4~1.DLL

============= SERVICES / DRIVERS ===============

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-8 11448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-26 301528]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsla035d486;MpKsla035d486;c:\programdata\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\MpKsla035d486.sys [2011-2-26 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-1-8 219136]
R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\touchsuite\AsusUacSvc.exe [2010-1-8 28848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-26 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-26 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-2-26 42184]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\asus\game park\gameconsole\OberonGameConsoleService.exe [2010-1-8 44312]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\drivers\SMIksdrv.sys [2009-12-30 181760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-16 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-16 30192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

=============== Created Last 30 ================

2011-02-27 02:39:18 -------- d-----w- c:\users\eric\appdata\roaming\Malwarebytes
2011-02-27 02:39:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 02:39:06 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-27 02:39:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 02:38:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 02:35:07 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\MpKsla035d486.sys
2011-02-27 02:34:45 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\mpengine.dll
2011-02-27 00:19:05 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 00:19:03 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-27 00:18:23 40648 ----a-w- c:\windows\avastSS.scr
2011-02-27 00:18:11 -------- d-----w- c:\program files\AVAST Software
2011-02-27 00:18:11 -------- d-----w- c:\progra~2\AVAST Software
2011-02-26 19:42:26 20 ----a-w- c:\windows\system32\SHELLTRAYDLL.DLL
2011-02-24 12:22:53 -------- d-----w- c:\program files\Calibre2
2011-02-24 03:50:19 -------- d-----w- c:\program files\common files\xing shared
2011-02-24 03:48:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-24 03:48:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-23 19:24:26 -------- d-----w- c:\windows\system32\SPReview
2011-02-23 19:22:27 -------- d-----w- c:\windows\system32\EventProviders
2011-02-23 19:13:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-23 19:13:10 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-02-23 19:13:09 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-02-23 19:13:08 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-02-23 19:11:59 1115136 ----a-w- c:\windows\system32\RacEngn.dll
2011-02-23 19:10:59 113664 ----a-w- c:\windows\system32\SessEnv.dll
2011-02-23 19:09:59 690680 ----a-w- c:\windows\system32\ci.dll
2011-02-23 19:08:58 413696 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-02-23 19:07:59 327680 ----a-w- c:\windows\system32\wimserv.exe
2011-02-23 19:06:59 73216 ----a-w- c:\windows\system32\cabinet.dll
2011-02-23 19:04:09 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-02-23 19:04:09 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-02-23 19:04:09 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-23 19:04:09 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-23 19:03:34 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-02-23 19:03:08 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-02-23 19:03:08 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-02-23 19:01:27 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-02-23 19:01:25 257024 ----a-w- c:\windows\system32\dpx.dll
2011-02-23 18:44:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 11:59:37 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 11:59:36 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 22:08:36 -------- d-----w- c:\users\eric\appdata\roaming\AVG10
2011-02-22 22:06:13 -------- d--h--w- c:\progra~2\Common Files
2011-02-22 22:03:53 -------- d-----w- c:\progra~2\AVG10
2011-02-22 22:02:37 -------- d-----w- c:\program files\AVG
2011-02-22 21:52:01 -------- d-----w- c:\users\eric\appdata\roaming\YoWindow
2011-02-22 20:12:02 -------- d-----w- c:\program files\Synaptics
2011-02-22 03:48:34 -------- d-----w- c:\users\eric\appdata\roaming\DriverFinder
2011-02-22 03:44:18 -------- d-----w- c:\users\eric\appdata\local\eSupport.com
2011-02-22 01:49:07 -------- d-----w- c:\users\eric\appdata\local\StickyNotes
2011-02-22 01:44:34 -------- d-----w- c:\users\eric\appdata\roaming\MobilityFlow
2011-02-22 01:34:51 -------- d-----w- c:\progra~2\MFAData
2011-02-21 19:04:10 -------- d-----w- c:\users\eric\appdata\local\ElevatedDiagnostics
2011-02-21 13:39:08 -------- d-----w- c:\users\eric\appdata\local\Diagnostics
2011-02-20 14:59:48 -------- d-----w- c:\users\eric\appdata\roaming\AsusInternetRadio.FE3DA72B022E78FEBEB750602F72A2E5E345080B.1
2011-02-19 19:10:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 18:56:11 -------- d-----w- c:\users\eric\appdata\roaming\OpenOffice.org
2011-02-19 01:38:37 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-19 01:22:17 -------- d-----w- c:\program files\DivX
2011-02-19 01:19:27 -------- d-----w- c:\progra~2\DivX
2011-02-18 23:59:59 -------- d-----w- c:\users\eric\appdata\roaming\eBookConverter
2011-02-18 23:09:02 -------- d-----w- c:\windows\system32\x64
2011-02-18 21:27:49 -------- d-----w- c:\users\eric\appdata\local\Microsoft Corporation
2011-02-18 20:29:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-18 16:07:29 -------- d-----w- c:\windows\en
2011-02-18 16:04:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-18 01:04:32 -------- d-----w- c:\program files\eBookConverter
2011-02-17 19:10:02 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-02-17 18:57:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57:54 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57:52 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:49:03 15712 ----a-w- c:\program files\common files\windows live\.cache\57d6e2371cbced30f\MeshBetaRemover.exe
2011-02-17 18:48:59 469256 ----a-w- c:\program files\common files\windows live\.cache\5252c1291cbced30e\InstallManager_WLE_WLE.exe
2011-02-17 18:48:41 525656 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\DXSETUP.exe
2011-02-17 18:48:40 94040 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\DSETUP.dll
2011-02-17 18:48:40 1691480 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\dsetup32.dll
2011-02-17 18:48:33 525656 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\DXSETUP.exe
2011-02-17 18:48:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\dsetup32.dll
2011-02-17 18:48:30 94040 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\DSETUP.dll
2011-02-17 18:46:15 -------- d-----w- c:\users\eric\appdata\local\Windows Live
2011-02-17 14:51:53 -------- d-----w- c:\users\eric\appdata\local\Logos4
2011-02-17 12:58:57 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 12:58:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-17 12:57:51 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 12:56:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 12:55:47 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-17 12:55:46 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-17 12:55:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-17 12:38:38 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-17 12:38:37 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-17 12:38:37 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-17 03:54:55 -------- d-----w- c:\users\eric\appdata\roaming\GlarySoft
2011-02-17 02:07:47 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-17 01:52:36 -------- d-----w- c:\users\eric\Calibre Library
2011-02-17 01:51:54 -------- d-----w- c:\users\eric\appdata\roaming\calibre
2011-02-17 01:23:45 -------- d-----w- c:\users\eric\appdata\local\GVNotifierWPF
2011-02-17 01:23:28 -------- d-----w- c:\users\eric\appdata\local\Amazon
2011-02-17 01:18:31 -------- d-----w- c:\users\eric\appdata\local\RadioSure
2011-02-16 23:58:23 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-02-16 23:57:33 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{dc737c9c-eaf7-48c2-90ba-364791399511}\gapaengine.dll
2011-02-16 23:53:28 -------- d-----w- c:\users\eric\appdata\local\Studio_pomaran?a_d.o.o__O
2011-02-16 23:49:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-16 23:47:42 -------- d-----w- c:\program files\GIMP 2
2011-02-16 20:20:05 -------- d-----w- c:\users\eric\appdata\local\Thunderbird
2011-02-16 19:36:57 -------- d-----w- c:\users\eric\appdata\roaming\GameConsole
2011-02-16 19:36:23 -------- d-sh--w- c:\users\eric\appdata\roaming\.#
2011-02-16 19:33:43 -------- d-----w- c:\users\eric\appdata\roaming\Motorola
2011-02-16 19:27:36 -------- d-----w- c:\users\eric\appdata\roaming\TouchGate2Doorway
2011-02-16 19:25:29 -------- d-----w- c:\windows\system32\log
2011-02-16 19:10:07 -------- d-----w- c:\users\eric\appdata\local\Kobo
2011-02-16 18:52:20 -------- d-----w- c:\program files\Kobo
2011-02-16 18:52:00 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{877697aa-0553-430e-aa75-988e64467fad}\mpengine.dll
2011-02-16 18:51:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-16 18:42:40 -------- d-----w- c:\users\eric\appdata\local\Google
2011-02-16 18:41:32 -------- d-----w- c:\users\eric\appdata\local\Apps
2011-02-16 18:41:31 -------- d-----w- c:\users\eric\appdata\local\Deployment
2011-02-16 18:28:22 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-02-16 18:27:19 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-16 18:26:50 -------- d-----w- c:\program files\SoftStylus
2011-02-16 18:26:50 -------- d-----w- c:\progra~2\Motorola
2011-02-16 18:25:53 -------- d-----w- c:\windows\ConfigSetRoot
2011-02-16 18:21:58 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-16 18:20:24 -------- d-----w- c:\program files\Microsoft
2011-02-16 18:17:06 -------- d-----w- c:\program files\common files\Windows Live
2011-02-16 18:15:46 -------- d-sh--w- C:\Recovery
2011-02-04 07:26:50 684544 ----a-w- c:\windows\yowindow.scr

==================== Find3M ====================

2011-02-23 19:48:14 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-22 19:58:40 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-22 19:58:18 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-22 19:58:16 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-22 19:58:01 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-22 19:58:00 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-12-02 22:13:42 37376 ----a-w- c:\windows\system32\libusb0.dll

============= FINISH: 8:36:21.19 ===============
--------------------------------------------------------------------------------------------------------

Attach:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2011 1:16:01 PM
System Uptime: 2/26/2011 9:21:11 PM (11 hours ago)

Motherboard: ASUSTeK Computer INC. | | T101MT
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU 1 | 1667/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 80 GiB total, 46.024 GiB free.
D: is FIXED (NTFS) - 54 GiB total, 53.919 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbe5c8db4
Device ID: ROOT\LEGACY_MPKSLBE5C8DB4\0000
Manufacturer:
Name: MpKslbe5c8db4
PNP Device ID: ROOT\LEGACY_MPKSLBE5C8DB4\0000
Service: MpKslbe5c8db4

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl55877d98
Device ID: ROOT\LEGACY_MPKSL55877D98\0000
Manufacturer:
Name: MpKsl55877d98
PNP Device ID: ROOT\LEGACY_MPKSL55877D98\0000
Service: MpKsl55877d98

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc7c61473
Device ID: ROOT\LEGACY_MPKSLC7C61473\0000
Manufacturer:
Name: MpKslc7c61473
PNP Device ID: ROOT\LEGACY_MPKSLC7C61473\0000
Service: MpKslc7c61473

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl19030ddb
Device ID: ROOT\LEGACY_MPKSL19030DDB\0000
Manufacturer:
Name: MpKsl19030ddb
PNP Device ID: ROOT\LEGACY_MPKSL19030DDB\0000
Service: MpKsl19030ddb

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc860a1f2
Device ID: ROOT\LEGACY_MPKSLC860A1F2\0000
Manufacturer:
Name: MpKslc860a1f2
PNP Device ID: ROOT\LEGACY_MPKSLC860A1F2\0000
Service: MpKslc860a1f2

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl804923ee
Device ID: ROOT\LEGACY_MPKSL804923EE\0000
Manufacturer:
Name: MpKsl804923ee
PNP Device ID: ROOT\LEGACY_MPKSL804923EE\0000
Service: MpKsl804923ee

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl396bdae7
Device ID: ROOT\LEGACY_MPKSL396BDAE7\0000
Manufacturer:
Name: MpKsl396bdae7
PNP Device ID: ROOT\LEGACY_MPKSL396BDAE7\0000
Service: MpKsl396bdae7

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl432bb97c
Device ID: ROOT\LEGACY_MPKSL432BB97C\0000
Manufacturer:
Name: MpKsl432bb97c
PNP Device ID: ROOT\LEGACY_MPKSL432BB97C\0000
Service: MpKsl432bb97c

==== System Restore Points ===================

RP37: 2/24/2011 7:18:51 AM - Installed calibre
RP38: 2/25/2011 7:09:18 PM - Windows Update
RP39: 2/26/2011 6:54:57 PM - Removed AVG 2011
RP40: 2/26/2011 7:01:09 PM - Removed AVG 2011
RP41: 2/26/2011 7:17:52 PM - avast! Free Antivirus Setup

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Amazon Kindle For PC
ASUS VIBE
ASUS WebStorage
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Calculator
calibre
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
CyberLink YouCam
D3DX10
ebi.BookReader3J
Eee Docking Touch 3.8.1
Eee PC TouchSuite
FontResizer
FotoFun_3.3.0.0
Game Park Console
Google Chrome
Google Desktop
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
GVNotifier
Hotkey Service
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kobo
LivCam
LiveUpdate
Logos 4 Prerequisites
Logos Bible Software 4
Malwarebytes' Anti-Malware
Memos 3.2.0.0
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Language Pack 2007 - Dutch/Nederlands
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Language Pack 2007 - Italian/Italiano
Microsoft Office Live Add-in 1.3
Microsoft Office O MUI (Dutch) 2007
Microsoft Office O MUI (French) 2007
Microsoft Office O MUI (German) 2007
Microsoft Office O MUI (Italian) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Dutch) 2007
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office SharePoint Designer MUI (Italian) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Office X MUI (Dutch) 2007
Microsoft Office X MUI (French) 2007
Microsoft Office X MUI (German) 2007
Microsoft Office X MUI (Italian) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Thunderbird (3.1.7)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Notepad
OpenOffice.org 3.3
PenWrite v1.9.20.1
RadioSure
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
SoftStylus
Super Hybrid Engine
Synaptics Pointing Device Driver
Touch Gate 1.0.2.2
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC WebCam
Windows 7 Upgrade Advisor
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== Event Viewer Messages From Past Week ========

2/27/2011 2:20:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80072f76 Error description: The requested header was not found
2/26/2011 9:22:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/26/2011 9:22:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/26/2011 9:16:25 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2/26/2011 9:01:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/26/2011 6:34:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/26/2011 10:18:51 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2355.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2355.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
2/24/2011 2:08:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/23/2011 1:11:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/21/2011 6:33:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x800705b4 Error description: This operation returned because the timeout period expired. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

==== End Of File ===========================

Thanks for all the help in advance!

 

[Bobbye]

Welcome to TechSpot, Eric. I'll try to clear up the image problem.
But nothing is ever 'exactly' the same so I would appreciate it if you would explain your problem in your words. I don't have time to refer to that thread and read all the content.
================================
I do note that you have 3 antivirus programs running> Avast, AVG and MSE. That will make your system more vulnerable. Please remove one of them. Reboot the computer when finished.

 

[ericd8027]

Bad Image Error

Thanks for taking on my problem. Whenever I start a program I get a message that says:

c:\windows\system32\ShellTrayDll.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

----------------------------

Also, I looked at my "Add/Remove Programs" and Avast and MSE are the only one's listed. What should I do?

 

[Bobbye]

ShellTrayDll.dll is malware. Combofix should remove it:

Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe

• Double click combofix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Query- Recovery Console image
  
  
  
  

  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes it will open a text window. Please paste that log in your next reply.

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the cli[board, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I'll check the previous logs while you run these scans.

 

[Bobbye]

Avast and MSE are the only one's listed

Decide which you want to keep and remove the other:
Avast Removal

Microsoft Security EssentialsWindows Vista or Windows7

1. .Click
   
2. . In the Search programs and files text box, type Appwiz.cpl, and then press ENTER.
3. . Right-click Microsoft Security Essentials> click Uninstall.
4. . Restart the computer.

AVG Remover:32bit
AVG Remover:64 bit

AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
Note:

• AVG user settings will be removed.
• Virus Vault contents will be removed.
• All other items related to AVG installation and use will be removed.
• You will be asked during the removal procedure to restart your computer. Please do so.
• Make sure there is no open work in process prior toto launching AVG Remover.

Use the appropriate download for your system for the AVG Remover:

 

[ericd8027]

Combofix text box & Eset

I was able to run combofix. The output was:

C:\combofix\pev.cfxxe
The specified service does not exist as an installed service.

====================

I tried running eset and have been able to do much of anything with this through Internet Explorer or Chrome with IE Tab enabled.

When I click on "Eset Online Scanner" it sends me to the terms of use page and I click accept. At that point it goes to a page and displays nothing.

I tried downloading the program and when I got to the terms of use, I checked the box accepting the conditions, click on the "Start" and nothing happens. I can continue to click the "Start" and nothing happens. I can leave it alone and nothing happens.

===================

After running ComboFix the error box has disappeared for everything that I have tried opening thus far. So at the least, that has been very nice and thank you very much so far.

 

[Bobbye]

Don't thank me yet Eric! Let's try and get Combofix running:

Uninstall ComboFix and all Backups of the files it deleted

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

============================================
I want you to download Combofix again> with one important change: Rename combofix.exe to your_name.exe BEFORE saving it to your desktop. It will be ericd.exe Do NOT run it yet.
======================================
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.There are 4 different versions. If one of them won't run then download and try to run the other one.You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

• Rkill.com
• Rkill.scr
• Rkill.pif
• Rkill.exe
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.

• Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
• A black window should pop up, press any key to close once the fix is completed.
• A log file called exehelperlog.txt will be created and should open at the end of the scan)
• A copy of that log will also be saved in the directory where you ran exeHelper.com
• Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
========================================================
Double click on ericd.exe to run the Combofix scan.

Leave the log in your next reply.

 

[ericd8027]

When I perform the first step I get this text box:

C:\Users\Eric\Desktop\ComboFix.exe

The specified service does not exist as an installed service.

After that the uninstall does not run.

 

[Bobbye]

It does not appear that you did this:

I want you to download Combofix again> with one important change: Rename combofix.exe to ericd.exe BEFORE saving it to your desktop. It will be Do NOT run it yet.

If you had, there would not be a combofix.exe file.

 

[ericd8027]

Okay...I realized I got confused and tried to do things out of order.

Rkill.com = does not have option to run as administrator. when I try to run normally, I get the same text error box.
Rkill.scr = option to "test", "configure", or "install". When "install" it brings up screen saver
Rkill.pif = broken hyperlink
Rkill.exe = when "run as administrator" same text error box appears

Because "rkill" has not been able to run, I have not done the following steps:

Uninstall ComboFix and all Backups of the files it deleted
Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
============================================
I want you to download Combofix again> with one important change: Rename combofix.exe to your_name.exe BEFORE saving it to your desktop. It will be ericd.exe Do NOT run it yet.
======================================

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.
Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
A black window should pop up, press any key to close once the fix is completed.
A log file called exehelperlog.txt will be created and should open at the end of the scan)
A copy of that log will also be saved in the directory where you ran exeHelper.com
Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
========================================================
Double click on ericd.exe to run the Combofix scan.

 

[Bobbye]

The Offender:
c:\windows\system32\SHELLTRAYDLL.DLL

It's a wonderful feeling when that light bulb goes off in your head and you understand something!! In my searching to identify SHELLTRAYDLL.DLL, almost every site available was for a MAC. So I'm thinking this fits into the message you got> this isn't a Windows file!

So I'm going to have you search and delete it:
Right click on the Taskbar> Explore> then go up to Tools> Click on Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide protected system files(recommended'> you will get a confirmation notice when you click on Apply> Click on Yes> OK.

Click on My Computer> Double click on Local Drive(C)> Windows> System 32> Look on the right screen for SHELLTRAYDLL.DLL> Do a right click> Delete on the file.

Go back into Tools> Folder Options View tab> reverse what you did: Click on 'do not show hidden files and folders'> Check 'Hide protected system files(Recommended'> Apply> OK.
Exit Windows explorer.

Reboot the computer. See if the error message is gone.

ImportantIt is possible that a process on Startup is checked which would use this file. If you get another error message, it should be different> I need to know exactly what it says.

 

[ericd8027]

Bobeye;

I did the following steps:

Right click on the Taskbar> Explore> then go up to Tools> Click on Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide protected system files(recommended'> you will get a confirmation notice when you click on Apply> Click on Yes> OK.

Click on My Computer> Double click on Local Drive(C)> Windows> System 32> Look on the right screen for SHELLTRAYDLL.DLL

You told me to delete "SHELLTRAYDLL.DLL", unfortunately, I have been unable to find that file. The list goes from SHELL.DLL (date modified 7/13/2009) to shell32.dll (11/20/2010) to shellstyle.dll (7/13/2009) to shfolder.dll.

 

[ericd8027]

I know I know very little about all this stuff, but part of me is wondering if ComboFix removed that file...if that is just absolutely bogus...completely forget I threw out such an idea, and I will stop trying to turn on my light bulb up here.

 

[Bobbye]

Can you tell me what your status is now regarding malware?

 

[ericd8027]

It is the same as before trying to find and delete "shelltraydll.dll"

When starting up, ComboFix still attempts to finish its process, I am unable install or uninstall any program.

 

[Bobbye]

About the only thing we haven' done is scan for a rootkit! So let's give that a try:

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
• After clicking Next, the utility applies selected actions and outputs the result. Please post the log.
• A reboot is required after disinfection.

Try doing a C:\ComboFix.txt. On the outside chance that there was a scan and it did make a log!

 

[ericd8027]

Bobbye;

I just downloaded and extracted to my desktop. I went into the folder and attempted to run tdsskiller.exe and I received the same exact error message.


Eric

 

[ericd8027]

Would running in "safe mode" possibly change anything?

 

[Bobbye]

Safe Mode might work. Try Combofix in Safe Mode first.

 

[ericd8027]

After logging in to my computer through safemode, I received this log output from ComboFix:


ComboFix 11-02-28.07 - Eric 03/01/2011 20:10:18.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.949 [GMT -5:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Eric\AppData\Roaming\.#
c:\windows\system32\SHELLTRAYDLL.DLL

----- BITS: Possible infected sites -----

hxxp://resources.assets.logos.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Appinfo


((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.

2011-03-11 12:46 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB44CECD-49A3-4550-B220-B64E35686B82}\mpengine.dll
2011-03-09 15:49 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 15:49 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 15:49 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 15:49 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 15:49 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:49 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:49 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-04 17:48 . 2011-03-04 17:48 -------- d-----w- c:\programdata\CyberLink
2011-03-02 01:29 . 2011-03-02 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-27 02:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 02:39 . 2011-02-27 02:39 -------- d-----w- c:\programdata\Malwarebytes
2011-02-27 02:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 02:38 . 2011-02-27 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 00:18 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-27 00:18 . 2011-03-01 21:54 -------- d-----w- c:\program files\AVAST Software
2011-02-27 00:18 . 2011-02-27 00:18 -------- d-----w- c:\programdata\AVAST Software
2011-02-24 12:22 . 2011-02-24 12:25 -------- d-----w- c:\program files\Calibre2
2011-02-24 03:50 . 2011-02-24 03:50 -------- d-----w- c:\program files\Common Files\xing shared
2011-02-24 03:48 . 2011-02-24 03:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-24 03:48 . 2011-02-24 03:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-24 03:48 . 2011-02-24 03:50 -------- d-----w- c:\program files\Real
2011-02-23 19:24 . 2011-02-23 19:24 -------- d-----w- c:\windows\system32\SPReview
2011-02-23 19:22 . 2011-02-23 19:22 -------- d-----w- c:\windows\system32\EventProviders
2011-02-23 19:13 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-23 19:13 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-02-23 19:13 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-02-23 19:13 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-02-23 19:11 . 2010-11-20 12:21 1115136 ----a-w- c:\windows\system32\RacEngn.dll
2011-02-23 19:10 . 2010-11-20 12:21 113664 ----a-w- c:\windows\system32\SessEnv.dll
2011-02-23 19:09 . 2010-11-20 12:24 690680 ----a-w- c:\windows\system32\ci.dll
2011-02-23 19:08 . 2010-11-20 12:19 312832 ----a-w- c:\windows\system32\hgcpl.dll
2011-02-23 19:07 . 2010-11-20 12:17 327680 ----a-w- c:\windows\system32\wimserv.exe
2011-02-23 19:04 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-23 19:04 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-02-23 19:04 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-23 19:04 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-02-23 19:03 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-02-23 19:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-02-23 19:03 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-02-23 19:01 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-02-23 19:01 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-02-23 18:44 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 11:59 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 11:59 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 22:06 . 2011-02-22 22:06 -------- d--h--w- c:\programdata\Common Files
2011-02-22 20:12 . 2011-02-22 20:12 -------- d-----w- c:\program files\Synaptics
2011-02-22 01:34 . 2011-02-22 22:02 -------- d-----w- c:\programdata\MFAData
2011-02-21 23:18 . 2011-02-21 23:19 -------- d-----w- c:\program files\CyberLink
2011-02-19 19:12 . 2011-02-19 19:12 -------- d-----w- c:\program files\Common Files\Java
2011-02-19 19:10 . 2011-02-19 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 19:09 . 2011-02-19 19:09 -------- d-----w- c:\program files\Java
2011-02-19 01:38 . 2011-02-20 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-02-19 01:22 . 2011-02-20 14:51 -------- d-----w- c:\program files\DivX
2011-02-19 01:19 . 2011-02-20 14:51 -------- d-----w- c:\programdata\DivX
2011-02-18 23:09 . 2011-02-18 23:09 -------- d-----w- c:\windows\system32\x64
2011-02-18 20:29 . 2011-02-18 20:29 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-18 16:07 . 2011-02-18 16:07 -------- d-----w- c:\windows\en
2011-02-18 16:04 . 2011-02-18 16:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-18 14:39 . 2011-02-18 14:39 -------- d-----w- c:\users\Krista
2011-02-18 01:04 . 2011-02-22 04:35 -------- d-----w- c:\program files\eBookConverter
2011-02-17 19:10 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-02-17 18:57 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:49 . 2011-02-19 22:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-17 12:58 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 12:58 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-17 12:57 . 2011-01-05 05:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 12:56 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 12:55 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-17 12:55 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-17 12:55 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-17 12:38 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-17 12:38 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-17 12:38 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-17 10:01 . 2010-01-08 20:30 -------- d-----w- c:\users\Default\AppData\Roaming\ASUS
2011-02-17 10:01 . 2010-01-08 20:24 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2011-02-17 10:01 . 2010-01-08 20:23 -------- d-----w- c:\users\Default\AppData\Roaming\ASUS WebStorage
2011-02-17 10:01 . 2010-01-08 19:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-17 10:01 . 2010-01-08 19:49 -------- d-----w- c:\users\Default\AppData\Local\Broadcom
2011-02-17 10:01 . 2010-01-08 19:47 -------- d-----w- c:\users\Default\AppData\Roaming\InstallShield
2011-02-17 02:07 . 2011-02-17 02:08 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-16 23:47 . 2011-02-16 23:49 -------- d-----w- c:\program files\GIMP 2
2011-02-16 20:19 . 2011-02-19 01:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-02-16 19:33 . 2011-02-16 19:33 -------- d-----w- c:\programdata\FLEXnet
2011-02-16 19:25 . 2011-02-16 19:25 -------- d-----w- c:\windows\system32\log
2011-02-16 18:52 . 2011-02-23 18:21 -------- d-----w- c:\programdata\Google Updater
2011-02-16 18:52 . 2011-02-16 19:00 -------- d-----w- c:\program files\Kobo
2011-02-16 18:52 . 2011-02-20 14:55 -------- d-----w- c:\program files\Google
2011-02-16 18:51 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-16 18:28 . 1999-03-06 12:38 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-02-16 18:27 . 2011-02-16 18:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-16 18:26 . 2011-02-16 18:27 -------- d-----w- c:\program files\SoftStylus
2011-02-16 18:26 . 2011-02-16 18:26 -------- d-----w- c:\programdata\Motorola
2011-02-16 18:25 . 2011-02-16 18:25 -------- d-----w- c:\windows\ConfigSetRoot
2011-02-16 18:23 . 2011-02-17 19:10 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-16 18:21 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-16 18:20 . 2011-02-16 18:23 -------- d-----w- c:\program files\Microsoft
2011-02-16 18:19 . 2011-02-18 16:04 -------- d-----w- c:\program files\Windows Live
2011-02-16 18:17 . 2011-02-16 18:17 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-16 18:16 . 2011-02-16 18:16 -------- d-----w- c:\windows\WLlog
2011-02-16 18:16 . 2011-02-20 14:37 -------- d-----w- c:\users\Eric
2011-02-16 18:15 . 2011-02-16 18:15 -------- d-----w- C:\Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 13:32 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 19:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-22 19:58 . 2009-08-07 14:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-22 19:58 . 2009-11-20 02:44 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-22 19:58 . 2009-11-20 02:44 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-22 19:58 . 2009-11-20 02:45 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-02-22 19:58 . 2009-11-20 02:44 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-22 19:58 . 2009-11-20 02:44 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-02-04 07:26 . 2011-02-04 07:26 684544 ----a-w- c:\windows\yowindow.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start Memos"="c:\program files\Asus\Memos\StartMemos.exe" [2009-12-14 11952]
"Google Update"="c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-16 136176]
"RadioSure"="c:\users\Eric\AppData\Local\RadioSure\RadioSure.exe" [2011-02-08 1710592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"MailServerWatchDog"="c:\program files\asus\MailServer\MailServerWatchDog.exe" [2009-08-13 94896]
"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Eee Docking Touch"="c:\program files\ASUS\Eee Docking Touch\Eee Docking Touch.exe" [2009-12-30 414896]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-08 3058304]
"TouchHomeKey"="c:\program files\asus\TouchHomeKey\TouchHomeKey.exe" [2009-09-05 257200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"PenWrite"="c:\program files\ASUS\PenWrite\PenWrite.exe" [2010-01-20 543920]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-08 2018032]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-16 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-24 273544]

c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 spldr;Security Processor Loader Driver; [x]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
R1 MpKsl19030ddb;MpKsl19030ddb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKsl19030ddb.sys [x]
R1 MpKsl396bdae7;MpKsl396bdae7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899B4E1-2C29-41B4-882A-DDA4427823BF}\MpKsl396bdae7.sys [x]
R1 MpKsl432bb97c;MpKsl432bb97c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKsl432bb97c.sys [x]
R1 MpKsl55877d98;MpKsl55877d98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899B4E1-2C29-41B4-882A-DDA4427823BF}\MpKsl55877d98.sys [x]
R1 MpKsl804923ee;MpKsl804923ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E9307C-5269-4028-97FB-24494EBC2C8A}\MpKsl804923ee.sys [x]
R1 MpKslbe5c8db4;MpKslbe5c8db4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E0E7117-C332-4B0D-ADC8-3448C8FB7398}\MpKslbe5c8db4.sys [x]
R1 MpKslc7c61473;MpKslc7c61473;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKslc7c61473.sys [x]
R1 MpKslc860a1f2;MpKslc860a1f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{726DE056-CDF9-45EA-BD19-81E22466BED6}\MpKslc860a1f2.sys [x]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\TouchSuite\AsusUacSvc.exe [2009-10-16 28848]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 136176]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-16 30192]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-12-25 181760]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contents of the 'Scheduled Tasks' folder

2011-03-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-16 18:52]

2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 18:59]

2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 18:59]

2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195645845-3431307071-4131870380-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 18:42]

2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195645845-3431307071-4131870380-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Glary Memory Optimizer - c:\program files\Glary Utilities\memdefrag.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-AppInfo
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-USB2.0 UVC WebCam - c:\windows\system32\RemoveSM37X.exe USB\VID_13D3&PID_5111&MI_00 USB\VID_13D3&PID_5115&MI_00 USB\VID_13D3&PID_5126&MI_00 USB\VID_13D3&PID_5116&MI_00



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 16:22
Windows 6.1.7601 Service Pack 1 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1504)
c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL
c:\program files\ASUS\ASUS WebStorage\LogicNP.EZShellExtensions.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\conhost.exe
c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-03-13 16:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 20:28

Pre-Run: 50,394,693,632 bytes free
Post-Run: 50,306,002,944 bytes free

- - End Of File - - AE0BE3E3FFD7BF1506815F3354D7C226

 

[Bobbye]

Okay, this isn't going to work! i don't know what's going on with the Services and Drivers, but there are screens and screens of them running. None of the entries is setting up right.

You're going to need to go online for this:
Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following: ( you only need one)
VirusTotal
Jotti

• 
  [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
  
  

  [B]C:\combofix\pev.cfxxe[/B]

  [2]. At the upload site, click once inside the window next to Browse.
  [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  [4]. Click on the Upload button.
  This will perform a scan across multiple different virus scanning engines.
  Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  Important: Wait for all of the scanning engines to complete.
  [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  [6]. Paste the contents of the Clipboard in your next reply.

If there is a notation that there is a more recent scan available, please click on that
Did you run DDS in Normal Mode or Safe Mode?

 

[ericd8027]

A few things...

Okay, so I did a little research on my own about my computer and also noticed a significant change. This is all for a bit of heads up for you in case it helps any.

1) Asus EEE pc's were shipped WITH malware already onboard. So, I am assuming that this unit came with the wonderful friend hitching a ride.

2) I was having massive issues with my built-in mouse (no right click function except through an external usb mouse; also, could not log in without the usb mouse or using the "mouse click button" [between the "Alt" and "Ctrl" buttons on the right side of the keyboard). I say "was" because after ComboFix finished running I now have full functionality of my built-in mouse.

3) I have attempted to run "C:\combofix\pev.cfxxe" through the supplied online scanners and they were not accepting the file. They said that the file did not exist.

When I use "combofix.exe" here is the link:

http://www.virscan.org/report/0fe3625cacf2321986b83670218ec654.html

4) DDS was run in normal mode...NOT in Safe Mode.

5) Should I run tdsskiller in Safe Mode? As it will still not run in regular mode.

6) Lastly, since Safe Mode provided some luck, should I, in Safe Mode, try to go through the initial 8-steps for malware removal again? Or are there any I should go through again?

 

[Bobbye]

I would prefer that all of the scan be done in Normal Mode- if possible.

 

[ericd8027]

TDSSKiller (only could run in safemode) Report:


2011/03/19 15:29:16.0058 2004 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 15:29:16.0245 2004 ================================================================================
2011/03/19 15:29:16.0245 2004 SystemInfo:
2011/03/19 15:29:16.0245 2004
2011/03/19 15:29:16.0245 2004 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/19 15:29:16.0245 2004 Product type: Workstation
2011/03/19 15:29:16.0245 2004 ComputerName: OLIVAW
2011/03/19 15:29:16.0245 2004 UserName: Eric
2011/03/19 15:29:16.0245 2004 Windows directory: C:\windows
2011/03/19 15:29:16.0245 2004 System windows directory: C:\windows
2011/03/19 15:29:16.0245 2004 Processor architecture: Intel x86
2011/03/19 15:29:16.0245 2004 Number of processors: 2
2011/03/19 15:29:16.0245 2004 Page size: 0x1000
2011/03/19 15:29:16.0245 2004 Boot type: Safe boot with network
2011/03/19 15:29:16.0245 2004 ================================================================================
2011/03/19 15:29:16.0651 2004 Initialize success
2011/03/19 15:29:19.0864 2036 ================================================================================
2011/03/19 15:29:19.0864 2036 Scan started
2011/03/19 15:29:19.0864 2036 Mode: Manual;
2011/03/19 15:29:19.0864 2036 ================================================================================
2011/03/19 15:29:20.0301 2036 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/03/19 15:29:20.0426 2036 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/03/19 15:29:20.0519 2036 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/03/19 15:29:20.0675 2036 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/03/19 15:29:20.0847 2036 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/03/19 15:29:20.0909 2036 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/03/19 15:29:21.0034 2036 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\windows\system32\drivers\afd.sys
2011/03/19 15:29:21.0112 2036 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/03/19 15:29:21.0237 2036 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/03/19 15:29:21.0331 2036 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/03/19 15:29:21.0393 2036 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/03/19 15:29:21.0455 2036 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/03/19 15:29:21.0533 2036 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/19 15:29:21.0580 2036 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/03/19 15:29:21.0658 2036 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
2011/03/19 15:29:21.0721 2036 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/03/19 15:29:21.0799 2036 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
2011/03/19 15:29:21.0861 2036 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/03/19 15:29:21.0955 2036 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/03/19 15:29:22.0017 2036 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/03/19 15:29:22.0079 2036 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
2011/03/19 15:29:22.0173 2036 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/19 15:29:22.0251 2036 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/03/19 15:29:22.0360 2036 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2011/03/19 15:29:22.0594 2036 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/03/19 15:29:22.0688 2036 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/03/19 15:29:22.0781 2036 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/03/19 15:29:22.0859 2036 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/03/19 15:29:22.0937 2036 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/03/19 15:29:22.0984 2036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/03/19 15:29:23.0047 2036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/03/19 15:29:23.0125 2036 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/03/19 15:29:23.0187 2036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/03/19 15:29:23.0249 2036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/03/19 15:29:23.0296 2036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/03/19 15:29:23.0390 2036 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
2011/03/19 15:29:23.0437 2036 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/03/19 15:29:23.0499 2036 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/03/19 15:29:23.0593 2036 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\windows\System32\Drivers\BTHport.sys
2011/03/19 15:29:23.0686 2036 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\windows\System32\Drivers\BTHUSB.sys
2011/03/19 15:29:23.0749 2036 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
2011/03/19 15:29:24.0092 2036 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/19 15:29:24.0154 2036 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
2011/03/19 15:29:24.0248 2036 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/03/19 15:29:24.0310 2036 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/03/19 15:29:24.0419 2036 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/19 15:29:24.0482 2036 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/03/19 15:29:24.0544 2036 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/03/19 15:29:24.0607 2036 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/19 15:29:24.0685 2036 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/03/19 15:29:24.0778 2036 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/03/19 15:29:24.0919 2036 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/03/19 15:29:24.0997 2036 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/03/19 15:29:25.0059 2036 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/03/19 15:29:25.0184 2036 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/03/19 15:29:25.0293 2036 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/19 15:29:25.0480 2036 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/03/19 15:29:25.0667 2036 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/03/19 15:29:25.0745 2036 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/03/19 15:29:25.0870 2036 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/03/19 15:29:25.0933 2036 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/03/19 15:29:25.0995 2036 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/03/19 15:29:26.0104 2036 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/03/19 15:29:26.0167 2036 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/03/19 15:29:26.0245 2036 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/03/19 15:29:26.0338 2036 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/03/19 15:29:26.0432 2036 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/03/19 15:29:26.0494 2036 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/03/19 15:29:26.0588 2036 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/03/19 15:29:26.0650 2036 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/03/19 15:29:26.0713 2036 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/03/19 15:29:26.0853 2036 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/03/19 15:29:26.0931 2036 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/03/19 15:29:26.0993 2036 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/03/19 15:29:27.0056 2036 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/03/19 15:29:27.0103 2036 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/03/19 15:29:27.0181 2036 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/03/19 15:29:27.0290 2036 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
2011/03/19 15:29:27.0415 2036 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/03/19 15:29:27.0493 2036 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/03/19 15:29:27.0602 2036 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/03/19 15:29:27.0836 2036 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/03/19 15:29:28.0117 2036 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/03/19 15:29:28.0179 2036 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
2011/03/19 15:29:28.0475 2036 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/03/19 15:29:28.0881 2036 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/03/19 15:29:29.0162 2036 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
2011/03/19 15:29:29.0474 2036 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/03/19 15:29:29.0677 2036 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/03/19 15:29:29.0848 2036 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/03/19 15:29:30.0113 2036 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/03/19 15:29:30.0285 2036 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/03/19 15:29:30.0441 2036 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/03/19 15:29:30.0503 2036 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/03/19 15:29:30.0613 2036 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/03/19 15:29:30.0675 2036 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/03/19 15:29:30.0737 2036 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/03/19 15:29:30.0815 2036 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
2011/03/19 15:29:31.0112 2036 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/03/19 15:29:31.0190 2036 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/03/19 15:29:31.0268 2036 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
2011/03/19 15:29:31.0471 2036 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/03/19 15:29:31.0627 2036 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/03/19 15:29:31.0705 2036 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/03/19 15:29:31.0783 2036 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/03/19 15:29:31.0845 2036 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/03/19 15:29:31.0907 2036 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/03/19 15:29:31.0985 2036 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/03/19 15:29:32.0110 2036 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/03/19 15:29:32.0204 2036 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/03/19 15:29:32.0266 2036 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/03/19 15:29:32.0360 2036 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
2011/03/19 15:29:32.0422 2036 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/03/19 15:29:32.0485 2036 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/03/19 15:29:32.0563 2036 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/03/19 15:29:33.0374 2036 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/03/19 15:29:33.0577 2036 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/03/19 15:29:33.0717 2036 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/03/19 15:29:33.0842 2036 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/03/19 15:29:33.0967 2036 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/03/19 15:29:34.0076 2036 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/03/19 15:29:34.0201 2036 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/03/19 15:29:34.0388 2036 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/03/19 15:29:34.0544 2036 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/03/19 15:29:34.0762 2036 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/03/19 15:29:35.0027 2036 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/03/19 15:29:35.0261 2036 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/03/19 15:29:35.0464 2036 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/03/19 15:29:35.0698 2036 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/03/19 15:29:35.0932 2036 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/03/19 15:29:36.0197 2036 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/03/19 15:29:36.0431 2036 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/03/19 15:29:36.0634 2036 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/03/19 15:29:36.0868 2036 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/03/19 15:29:37.0102 2036 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/03/19 15:29:37.0352 2036 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/03/19 15:29:37.0601 2036 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/03/19 15:29:37.0820 2036 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/03/19 15:29:38.0007 2036 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/03/19 15:29:38.0241 2036 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/03/19 15:29:38.0491 2036 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/03/19 15:29:38.0693 2036 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/03/19 15:29:38.0959 2036 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/03/19 15:29:39.0161 2036 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/03/19 15:29:39.0333 2036 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/03/19 15:29:39.0505 2036 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
2011/03/19 15:29:39.0707 2036 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/03/19 15:29:39.0817 2036 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
2011/03/19 15:29:39.0926 2036 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
2011/03/19 15:29:40.0019 2036 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/03/19 15:29:40.0175 2036 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/03/19 15:29:40.0425 2036 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/03/19 15:29:40.0597 2036 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/03/19 15:29:40.0784 2036 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/03/19 15:29:41.0002 2036 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/03/19 15:29:41.0174 2036 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/03/19 15:29:41.0314 2036 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/03/19 15:29:41.0423 2036 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/03/19 15:29:41.0501 2036 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/03/19 15:29:41.0891 2036 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/03/19 15:29:41.0954 2036 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/03/19 15:29:42.0063 2036 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/03/19 15:29:42.0266 2036 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/03/19 15:29:42.0484 2036 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/03/19 15:29:42.0593 2036 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/03/19 15:29:42.0656 2036 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/03/19 15:29:42.0718 2036 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/03/19 15:29:42.0796 2036 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/03/19 15:29:42.0890 2036 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/03/19 15:29:42.0937 2036 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/03/19 15:29:43.0030 2036 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/03/19 15:29:43.0093 2036 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/03/19 15:29:43.0155 2036 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/03/19 15:29:43.0233 2036 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/03/19 15:29:43.0327 2036 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/03/19 15:29:43.0389 2036 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/03/19 15:29:43.0498 2036 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/03/19 15:29:43.0607 2036 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/03/19 15:29:43.0919 2036 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/03/19 15:29:44.0309 2036 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/03/19 15:29:44.0606 2036 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/03/19 15:29:44.0949 2036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/03/19 15:29:45.0152 2036 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/03/19 15:29:45.0214 2036 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/03/19 15:29:45.0292 2036 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/03/19 15:29:45.0448 2036 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/03/19 15:29:45.0495 2036 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/03/19 15:29:45.0573 2036 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/03/19 15:29:45.0635 2036 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/03/19 15:29:45.0760 2036 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/03/19 15:29:45.0838 2036 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/03/19 15:29:45.0901 2036 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/03/19 15:29:45.0994 2036 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/03/19 15:29:46.0103 2036 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/03/19 15:29:46.0244 2036 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\windows\system32\DRIVERS\srv.sys
2011/03/19 15:29:46.0306 2036 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\windows\system32\DRIVERS\srv2.sys
2011/03/19 15:29:46.0384 2036 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\windows\system32\DRIVERS\srvnet.sys
2011/03/19 15:29:46.0493 2036 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/03/19 15:29:46.0571 2036 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/03/19 15:29:46.0681 2036 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
2011/03/19 15:29:46.0868 2036 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\drivers\tcpip.sys
2011/03/19 15:29:47.0102 2036 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\DRIVERS\tcpip.sys
2011/03/19 15:29:47.0195 2036 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/03/19 15:29:47.0289 2036 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/03/19 15:29:47.0351 2036 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/03/19 15:29:47.0414 2036 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/03/19 15:29:47.0492 2036 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/03/19 15:29:47.0679 2036 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/03/19 15:29:47.0757 2036 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/03/19 15:29:47.0851 2036 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/03/19 15:29:47.0929 2036 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/03/19 15:29:47.0991 2036 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/03/19 15:29:48.0131 2036 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/03/19 15:29:48.0209 2036 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/03/19 15:29:48.0287 2036 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/03/19 15:29:48.0365 2036 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
2011/03/19 15:29:48.0459 2036 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/03/19 15:29:48.0521 2036 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
2011/03/19 15:29:48.0584 2036 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
2011/03/19 15:29:48.0662 2036 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/19 15:29:48.0709 2036 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/19 15:29:48.0787 2036 usbsmi (6496f6a34fca3d68fdbcdfb269c1c046) C:\windows\system32\DRIVERS\SMIksdrv.sys
2011/03/19 15:29:48.0880 2036 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/19 15:29:48.0958 2036 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
2011/03/19 15:29:49.0021 2036 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
2011/03/19 15:29:49.0145 2036 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/03/19 15:29:49.0223 2036 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/19 15:29:49.0286 2036 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/03/19 15:29:49.0364 2036 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/03/19 15:29:49.0426 2036 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/03/19 15:29:49.0489 2036 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/03/19 15:29:49.0551 2036 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/03/19 15:29:49.0613 2036 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/03/19 15:29:49.0676 2036 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/03/19 15:29:49.0754 2036 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/03/19 15:29:49.0816 2036 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/03/19 15:29:49.0894 2036 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/03/19 15:29:49.0957 2036 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/03/19 15:29:50.0066 2036 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/03/19 15:29:50.0144 2036 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/19 15:29:50.0191 2036 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/19 15:29:50.0315 2036 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/03/19 15:29:50.0393 2036 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/03/19 15:29:50.0596 2036 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/03/19 15:29:50.0674 2036 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/03/19 15:29:50.0986 2036 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/03/19 15:29:51.0127 2036 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/19 15:29:51.0314 2036 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/03/19 15:29:51.0376 2036 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/03/19 15:29:51.0563 2036 ================================================================================
2011/03/19 15:29:51.0563 2036 Scan finished
2011/03/19 15:29:51.0579 2036 ================================================================================

 

[Bobbye]

Okay, we've been at this for 3 weeks and it seems we've made little progress. So we need to 'regroup' and decide what you can and can't do.

1. Has there been any change in the system that you have noticed?
2. Can you get into Normal Mode at all? If no, what happens when you try?
3. There is some problem with Combofix and the drivers that hasn't been pinned down, so I need to see as much as possible and it won't be in Safe Mode.
4."Asus EEE pc's were shipped WITH malware already onboard."> Have you checked to see if your model is any of the following?

Model number: EEEBOXB202-B; UPC code: 610839761807
Model number: EEEBOXB202-W; UPC code: 610839761814
Model number: EBXB202BLK/VW161D; UPC code: 610839530526
Model number: EBXB202WHT/VW161D-W; UPC code: 610839531202
Model number: EBXB202BLK/VK191T; UPC code: 610839547753

The article I found is dated October 9, 2008

You should also know that this machine shipped with a large number of Bundled Applications: To name some of them:

Firefox web browser;
Thunderbird email client;
Skype phone / conferencing application;
Star Office Suite;
PDF Viewer;
Media Player;
Educational Software (including GCompris for younger children, paint and teach yourself chines software);
DVD player (although an external drive is required to play DVDs).
Star office
Photo edit for Picasa2
KDE Photo Manager application.
There are also shortcuts to web-based applications, particularly those from Google such as Google docs and Google Maps etc..

Any thast you don't use should be uninstalled. I have a Dell Mini with Win 7 Starter and it had so much trash on it that it was hard to find the good stuff!
===============-===================
Please try again to run Combofix in Normal Mode.
========================================
Your Windows 7 is 32bit, right? Please see if you can run HijackThis in Normal Mode.

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.