Solved Constant drop in FPS in almost every MMO that I played. (logs included)

MalwareNewbie

Every time I start playing an MMO, my FPS would be normal and steady, but later on there will be a huge, tremendous drop in my FPS for 5 minutes, then it goes back to normal and repeats. For example, I would get a constant 99 FPS on 1.6, but a little later it would drop to 20-30 FPS for 5 minutes then go back up. This situation also happened in Bioshock single player mode.

Mbam Logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6069

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/15/2011 4:29:34 PM
mbam-log-2011-03-15 (16-29-34).txt

Scan type: Quick scan
Objects scanned: 155098
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\55677939 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Gmer Logs
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-15 16:47:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000082 WDC_WD50 rev.12.0
Running: 7g0u16k8.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwldifow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 8620B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8620B1F8
Device \Driver\alql8wb7 \Device\Scsi\alql8wb71 87C3B1F8
Device \Driver\alql8wb7 \Device\Scsi\alql8wb71Port5Path0Target0Lun0 87C3B1F8
Device \FileSystem\Ntfs \Ntfs 8620E1F8

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

DDS logs


DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 16:50:11.90 on 03/15/2011 Tue
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Internet Security Pro *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\IOI\ButtonMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Mamba\RazerTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [googletalk] c:\users\michael\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Steam] "c:\program files\steam2\Steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ButtonMonitor] c:\program files\ioi\ButtonMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Razer Mamba Driver] c:\program files\razer\mamba\RazerTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-8-8 146448]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-2-14 2304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-8-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-8-8 283152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-19 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\google\update\GoogleUpdate.exe [2009-6-25 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-8-8 51792]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-8-8 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-8-8 689416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-4-18 70728]
.
=============== Created Last 30 ================
.
2011-03-15 23:18:29 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-03-15 23:18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18:20 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-15 23:18:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:43:29 -------- d-----w- c:\users\michael\appdata\roaming\Avira
2011-03-15 06:41:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-15 06:41:29 -------- d-----w- c:\program files\Avira
2011-03-15 06:41:29 -------- d-----w- c:\progra~2\Avira
2011-03-15 01:59:45 -------- d-----w- C:\Perfect World Entertainment
2011-03-11 09:30:06 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2fef1a64-392f-462e-9b83-7fa1a58ac745}\mpengine.dll
2011-03-06 16:00:17 -------- d-----w- c:\program files\Gravity
2011-02-17 22:43:55 -------- d-----w- c:\users\michael\appdata\local\Turbine
2011-02-17 22:42:25 -------- d-----w- c:\users\michael\appdata\local\ApplicationHistory
2011-02-17 22:40:51 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-17 22:29:49 -------- d-----w- c:\program files\Turbine
2011-02-17 04:34:07 -------- d-----w- c:\users\michael\Tracing
2011-02-17 03:12:22 -------- d-----w- C:\Riot Games
2011-02-16 06:05:21 -------- d-----w- c:\progra~2\NVIDIA Corporation
2011-02-16 06:04:24 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-16 06:04:24 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-16 06:04:24 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-16 06:04:24 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-16 06:04:24 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-16 06:04:24 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-16 06:04:24 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-16 06:04:24 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-16 06:04:24 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-16 06:04:24 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-16 02:44:35 -------- d-----w- C:\Atlus Online
2011-02-15 08:50:48 -------- d-----w- c:\program files\common files\Software Update Utility
2011-02-15 00:20:07 -------- d-----w- c:\program files\Stunlock Studios
2011-02-15 00:15:05 -------- d-----w- c:\program files\Microsoft XNA
2011-02-14 23:52:22 2304 ----a-w- c:\windows\system32\HtsysmNT.sys
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 05:06:44 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 05:06:34 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 05:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 05:06:02 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 05:06:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
.
============= FINISH: 16:51:01.38 ===============

Attach Logs
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/235mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 206.544 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 5.185 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems PCI-SV92PP Soft Modem
AIM 7
AIM Toolbar
Akamai NetSession Interface
Alien Swarm
ALZip
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Bandisoft MPEG-1 Decoder
BioShock
BioShock 2
Bloodline Champions
Bonjour
Borderlands
Browser Address Error Redirector
Browser Highlighter - Firefox
Compatibility Pack for the 2007 Office system
Condition Zero
Counter-Strike
Counter-Strike: Source
Diablo II
DivX Setup
Download Updater (AOL LLC)
Dragon Saga
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
Dystopia
ffdshow
Garena
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
GGPO
Google Chrome
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.52
ijji
ijji - Gunz
ijji FireFox Launcher 1.0
ijji REACTOR
IrisOnline
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Junk Mail filter update
Killing Floor
LabelPrint
League of Legends
LogMeIn Hamachi
LSI PCI-SV92PP Soft Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
mIRC
Mozilla Firefox (3.6.15)
MSVCRT
My.Freeze.com NetAssistant
My.Freeze.com NetAssistant for Firefox
Nexon Game Manager
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Pando Media Booster
PandoraSaga version 1.0
PDF Settings
Portal
Power2Go 5.0
Prototype(TM)
PVSonyDll
Python 2.7
QuickTime
Railroad Tycoon 2: Platinum
Razer Mamba
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV
Sid Meier's Pirates!
Skype™ 5.1
Smart Copy
Starcraft
Steam
Stronghold
Stronghold 2
Stronghold Crusader + Extreme
Stronghold Legends
SUPERAntiSpyware Free Edition
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 5
Trend Micro Internet Security Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Media Player
Warcraft III
Warcraft III: All Products
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR archiver
Xfire (remove only)
Yahoo! Software Update
Yahoo! Toolbar
YVD
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware.

Please run the following: Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===============================
Download Combofix to your desktop from one of these locations:
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    (image: RcAuto1.gif)

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (image: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Additionally, if you are using any file sharing programs, please disable or uninstall while I am helping you.
===================
FPF=?
 
Thanks for the reply, here are the logs.

eset logs


C:\Program Files\Garena\plugins\UI\GEngine.dll probably a variant of Win32/Agent.LIJKDGU trojan
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application

Combofix logs

ComboFix 11-03-16.01 - Michael 6/2011 Wed 19:03:05.1.4 - x86
Running from: c:\users\Michael\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Internet Security Pro *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\Kaspersky_Key_Finder_(KKF
c:\users\Michael\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_k2iwexdtd4ybmkjvxm5z2u3smrbe2qb5\1.5.0.0\user.config
c:\windows\system32\Config.ini
c:\windows\system32\service
c:\windows\system32\service\09082010_TIS17_SfFniAU.log
c:\windows\system32\service\12092010_TIS17_SfFniAU.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 02:11 . 2011-03-17 02:11 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-03-17 02:11 . 2011-03-17 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 05:46 . 2011-03-16 05:46 -------- d-----w- c:\program files\ESET
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:43 . 2011-03-15 06:43 -------- d-----w- c:\users\Michael\AppData\Roaming\Avira
2011-03-15 06:41 . 2011-03-16 23:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\programdata\Avira
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\program files\Avira
2011-03-15 06:41 . 2011-01-10 21:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-15 01:59 . 2011-03-15 01:59 -------- d-----w- C:\Perfect World Entertainment
2011-03-13 23:14 . 2011-03-13 23:14 -------- d-----w- c:\program files\Common Files\Skype
2011-03-11 09:30 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FEF1A64-392F-462E-9B83-7FA1A58AC745}\mpengine.dll
2011-03-06 16:00 . 2011-03-06 16:00 -------- d-----w- c:\program files\Gravity
2011-02-17 22:43 . 2011-02-17 22:45 -------- d-----w- c:\users\Michael\AppData\Local\Turbine
2011-02-17 22:42 . 2011-02-20 00:08 -------- d-----w- c:\users\Michael\AppData\Local\ApplicationHistory
2011-02-17 22:40 . 2011-02-17 22:40 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-17 22:29 . 2011-02-17 22:29 -------- d-----w- c:\program files\Turbine
2011-02-17 04:34 . 2011-03-15 23:16 -------- d-----w- c:\users\Michael\Tracing
2011-02-17 03:12 . 2011-02-17 03:12 -------- d-----w- C:\Riot Games
2011-02-16 06:05 . 2011-02-16 06:05 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-02-16 06:04 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-16 06:04 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-16 06:04 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-16 06:04 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-16 06:04 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-16 06:04 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-16 06:04 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-16 06:04 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-16 06:04 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-16 06:04 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-16 02:44 . 2011-02-16 02:44 -------- d-----w- C:\Atlus Online
2011-02-15 08:50 . 2011-02-15 08:50 -------- d-----w- c:\program files\Common Files\Software Update Utility
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-21 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 05:06 . 2011-01-08 05:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 05:06 . 2011-01-08 05:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 05:06 . 2011-01-08 05:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 05:06 . 2011-01-08 05:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 05:06 . 2011-01-08 05:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27 . 2011-02-16 06:04 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2008-12-26 05:08 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2008-02-26 17:34 1965672 ----a-w- c:\windows\system32\nvapi.dll
2010-08-31 01:59 . 2008-08-20 20:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-30 01:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"googletalk"="c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-14 2002160]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Steam"="c:\program files\steam2\Steam.exe" [2010-11-21 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-03-15 3274584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-03-13 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-23 01:15 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [x]
R3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [x]
R3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [x]
R3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [x]
R3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [x]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-08-09 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-08-09 689416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva143;XDva143;c:\windows\system32\XDva143.sys [x]
R3 XDva208;XDva208;c:\windows\system32\XDva208.sys [x]
R3 XDva223;XDva223;c:\windows\system32\XDva223.sys [x]
R3 XDva296;XDva296;c:\windows\system32\XDva296.sys [x]
R3 XDva310;XDva310;c:\windows\system32\XDva310.sys [x]
R3 XDva311;XDva311;c:\windows\system32\XDva311.sys [x]
R3 XDva323;XDva323;c:\windows\system32\XDva323.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-04-18 70728]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-13 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-08-09 146448]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2010-11-04 2304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-08-09 283152]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
*NewlyCreated* - UWLDIFOW
*Deregistered* - uwldifow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-osiiuuhi - c:\users\Michael\AppData\Local\wmdqtmuec\xxsbuuetssd.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-16 19:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-684128119-126982121-4194404797-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,53,22,0d,d8,58,0c,cf,b0,ef,e9,92,a2,c2,27,0c,92,e8,56,29,e2,
00,02,4c,cd,08,02,46,8b,3b,3d,d7,09,39,3e,33,e2,41,d2,3f,c6,f4,e6,98,93,6c,\
"rkeysecu"=hex:07,7e,47,d4,24,3a,12,ad,28,c6,ed,e1,7f,28,d3,4b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-16 19:14:35
ComboFix-quarantined-files.txt 2011-03-17 02:14
.
Pre-Run: 225,238,740,992 bytes free
Post-Run: 225,188,323,328 bytes free
.
- - End Of File - - 60E8343D1902A483080514C0E73507D6
 
I think it's the hot spot shield's problem. Every time I close hot spot shield from the notification tray, it reopens itself after 3-5 minutes.

It stopped reopening itself after two times.

It reopened again after 30 minutes.
 
You're using Vista with SP1- is that correct? And you have an AMD processor?

Hot Spot Shield may be part of it but not all. You have quite a lot of other entries I'm going to move.

Do you want me to include the entries for HSS in the script I'm writing for you to run through Combofix?

You have 2 antivirus programs running:
AV: AntiVir Desktop
AV: Trend Micro Internet Security Pro


Please uninstall one of them. Reboot the computer when through.
 
Yup, I'm using Vista with SP1 and I have an AMD processor, and I don't know what entry means, but do what you think is best for me.

Uninstalling Trend AV.

Also could I just uninstall HSS? Haven't been using it much anyways.
 
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad > click on Format > Uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\TKFsAc2k.sys 
c:\windows\system32\TKFsAv2k.sys 
c:\windows\system32\TKFsFt2k.sys 
c:\windows\system32\TKRgAc2k.sys 
c:\windows\system32\TKRgFtXp.sys 
c:\windows\system32\XDva143.sys  
c:\windows\system32\XDva208.sys 
c:\windows\system32\XDva223.sys 
c:\windows\system32\XDva296.sys 
c:\windows\system32\XDva310.sys 
c:\windows\system32\XDva311.sys 
c:\windows\system32\XDva323.sys 
c:\windows\system32\XDva337.sys 
c:\windows\system32\XDva343.sys 
c:\windows\system32\XDva344.sys 
c:\windows\system32\XDva349.sys 
c:\windows\system32\XDva351.sys 
c:\windows\system32\XDva370.sys 
c:\windows\system32\XDva375.sys 
FileLook::
c:\windows\system32\XDva346.sys
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
DDS::
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

RegNull::
[HKEY_USERS\S-1-5-21-684128119-126982121-4194404797-1000\Software\SecuROM\License information*]

Driver::
TKFsAc
TKFsAv
TKFsFt
TKRgAc
TKRgFt
XDva143
XDva208
XDva223
XDva296
XDva310
XDva311
XDva323
XDva337
XDva343
XDva344
XDva349
XDva351
XDva370
XDva375
Save this as CFScript.txt, in the same location as ComboFix.exe
(image: CFScriptB-4.gif)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste in your next reply.
 
My computer restarted after the scan, and after the restart Combofix produced the logs.

ComboFix Logs

ComboFix 11-03-18.01 - Michael 8/2011 Fri 15:04:19.2.4 - x86
Running from: c:\users\Michael\Downloads\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\TKFsAc2k.sys"
"c:\windows\system32\TKFsAv2k.sys"
"c:\windows\system32\TKFsFt2k.sys"
"c:\windows\system32\TKRgAc2k.sys"
"c:\windows\system32\TKRgFtXp.sys"
"c:\windows\system32\XDva143.sys"
"c:\windows\system32\XDva208.sys"
"c:\windows\system32\XDva223.sys"
"c:\windows\system32\XDva296.sys"
"c:\windows\system32\XDva310.sys"
"c:\windows\system32\XDva311.sys"
"c:\windows\system32\XDva323.sys"
"c:\windows\system32\XDva337.sys"
"c:\windows\system32\XDva343.sys"
"c:\windows\system32\XDva344.sys"
"c:\windows\system32\XDva349.sys"
"c:\windows\system32\XDva351.sys"
"c:\windows\system32\XDva370.sys"
"c:\windows\system32\XDva375.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\askbardis\bar\bin\askBar.dll
c:\program files\divx\divx update\DivXUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TKFSAC
-------\Legacy_TKFSAV
-------\Legacy_TKFSFT
-------\Legacy_TKRGAC
-------\Legacy_TKRGFT
-------\Legacy_XDVA143
-------\Legacy_XDVA208
-------\Legacy_XDVA223
-------\Legacy_XDVA296
-------\Legacy_XDVA310
-------\Legacy_XDVA311
-------\Legacy_XDVA323
-------\Legacy_XDVA337
-------\Legacy_XDVA343
-------\Legacy_XDVA344
-------\Legacy_XDVA349
-------\Legacy_XDVA351
-------\Legacy_XDVA370
-------\Service_TKFsAc
-------\Service_TKFsAv
-------\Service_TKFsFt
-------\Service_TKRgAc
-------\Service_TKRgFt
-------\Service_XDva143
-------\Service_XDva208
-------\Service_XDva223
-------\Service_XDva296
-------\Service_XDva310
-------\Service_XDva311
-------\Service_XDva323
-------\Service_XDva337
-------\Service_XDva343
-------\Service_XDva344
-------\Service_XDva349
-------\Service_XDva351
-------\Service_XDva370
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 22:13 . 2011-03-18 22:16 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-03-18 22:13 . 2011-03-18 22:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:43 . 2011-03-15 06:43 -------- d-----w- c:\users\Michael\AppData\Roaming\Avira
2011-03-15 06:41 . 2011-03-16 23:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\programdata\Avira
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\program files\Avira
2011-03-15 06:41 . 2011-01-10 21:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-15 01:59 . 2011-03-15 01:59 -------- d-----w- C:\Perfect World Entertainment
2011-03-13 23:14 . 2011-03-13 23:14 -------- d-----w- c:\program files\Common Files\Skype
2011-03-11 09:30 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FEF1A64-392F-462E-9B83-7FA1A58AC745}\mpengine.dll
2011-03-06 16:00 . 2011-03-06 16:00 -------- d-----w- c:\program files\Gravity
2011-02-17 22:43 . 2011-02-17 22:45 -------- d-----w- c:\users\Michael\AppData\Local\Turbine
2011-02-17 22:42 . 2011-02-20 00:08 -------- d-----w- c:\users\Michael\AppData\Local\ApplicationHistory
2011-02-17 22:40 . 2011-02-17 22:40 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-17 22:29 . 2011-02-17 22:29 -------- d-----w- c:\program files\Turbine
2011-02-17 04:34 . 2011-03-18 15:30 -------- d-----w- c:\users\Michael\Tracing
2011-02-17 03:12 . 2011-02-17 03:12 -------- d-----w- C:\Riot Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-21 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 05:06 . 2011-01-08 05:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 05:06 . 2011-01-08 05:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 05:06 . 2011-01-08 05:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 05:06 . 2011-01-08 05:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 05:06 . 2011-01-08 05:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27 . 2011-02-16 06:04 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-16 06:04 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-16 06:04 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-16 06:04 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-16 06:04 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-16 06:04 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-16 06:04 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-16 06:04 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-16 06:04 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-16 06:04 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-02-16 06:04 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2008-12-26 05:08 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2008-02-26 17:34 1965672 ----a-w- c:\windows\system32\nvapi.dll
2010-08-31 01:59 . 2008-08-20 20:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\XDva346.sys ---
Company: www.wiselogic.co.kr
File Description: Windows Kernel
File Version: 1.02
Product Name:
Copyright: Copyright (C)WiseLogic 2004
Original Filename: XTrapD12.Sys
File size: 70728
Created time: 2010-04-18 08:50
Modified time: 2010-04-18 08:50
MD5: FFAF5B4048F0100445B0DCD66CA9DAA8
SHA1: 60DBC374B3E3FD92156E84E9076005C046A934C9
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"googletalk"="c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-14 2002160]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Steam"="c:\program files\steam2\Steam.exe" [2010-11-21 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-03-15 3274584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-03-18 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-23 01:15 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-04-18 70728]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-13 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2010-11-04 2304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-18 15:26:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 22:25
ComboFix2.txt 2011-03-17 02:14
.
Pre-Run: 226,271,395,840 bytes free
Post-Run: 226,490,089,472 bytes free
.
- - End Of File - - CB2A8AF48A16123D5496FA2A75213058
 
Before I finish you up, please answer the following:

1. Has there been any improvement in the system?
2. For the 3rd time, what is FPS?
3. Did you want to uninstall Hot Spot Shield?
4. Do you plan to reinstall AVG when we're finished?
 
1. Yes, thank you. :D
2. I think this is the first time that you asked me, I saw your first post with "FPF=?". FPS = Frame per second.
3. Yup.
4. Nope, I plan on keeping Avira.
 
Thank you for that! I knew MMO but couldn't figure the FPS out!

Please run this Custom CFScript:
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\System32\Drivers\avgldx86.sys
c:\windows\System32\Drivers\avgtdix.sys
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\Viewpoint\Common\ViewpointService.exe 
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
Driver::
AvgLdx86  
AvgTdiX  
avg9emc  
avg9wd  
Viewpoint Manager Service
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
I removed the HotSpot Shield entries I saw. You need to complete the uninstall in Add/Remove Programs. Please include any Viewpoint entries for uninstall.

Once uninstalled, use Windows Explorer to find the program files and do a right click> Delete on the program folders.

Click on Start> Run> type services.msc> enter> double click on Viewpoint Service> Change Startup type to Disabled> Stop the Service.
 
I couldn't find Viewpoint in my services, and the file with hot spot shield after I executed ComboFix with the script and uninstalled Hot spot shield.

ComboFix Logs

ComboFix 11-03-24.03 - Michael 5/2011 Fri 3:19.3.4 - x86
Running from: c:\users\Michael\Downloads\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\AVG\AVG9\avgemc.exe"
"c:\program files\AVG\AVG9\avgwdsvc.exe"
"c:\program files\Hotspot Shield\bin\openvpnas.exe"
"c:\program files\Hotspot Shield\HssWPR\hsssrv.exe"
"c:\program files\Viewpoint\Common\ViewpointService.exe"
"c:\windows\System32\Drivers\avgldx86.sys"
"c:\windows\System32\Drivers\avgtdix.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGLDX86
-------\Legacy_AVGTDIX
-------\Service_avg9emc
-------\Service_avg9wd
-------\Service_AvgLdx86
-------\Service_AvgTdiX
-------\Service_Viewpoint Manager Service
-------\Service_HotspotShieldService
-------\Service_HssSrv
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-25 10:30 . 2011-03-25 10:36 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-03-25 10:30 . 2011-03-25 10:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-25 10:30 . 2011-03-25 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\programdata\Tencent
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Local\Tencent
2011-03-23 00:57 . 2011-03-23 00:57 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:33 . 2011-03-23 00:33 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:32 . 2011-03-23 00:57 -------- d-----w- c:\program files\Common Files\Tencent
2011-03-23 00:32 . 2011-03-23 00:54 -------- d-----w- c:\program files\Tencent
2011-03-23 00:32 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Roaming\Tencent
2011-03-23 00:32 . 2011-03-23 00:56 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:43 . 2011-03-15 06:43 -------- d-----w- c:\users\Michael\AppData\Roaming\Avira
2011-03-15 06:41 . 2011-03-16 23:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\programdata\Avira
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\program files\Avira
2011-03-15 06:41 . 2011-01-10 21:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-15 01:59 . 2011-03-15 01:59 -------- d-----w- C:\Perfect World Entertainment
2011-03-13 23:14 . 2011-03-13 23:14 -------- d-----w- c:\program files\Common Files\Skype
2011-03-11 09:30 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FEF1A64-392F-462E-9B83-7FA1A58AC745}\mpengine.dll
2011-03-06 16:00 . 2011-03-06 16:00 -------- d-----w- c:\program files\Gravity
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-21 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 05:06 . 2011-01-08 05:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 05:06 . 2011-01-08 05:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 05:06 . 2011-01-08 05:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 05:06 . 2011-01-08 05:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 05:06 . 2011-01-08 05:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27 . 2011-02-16 06:04 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-16 06:04 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-16 06:04 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-16 06:04 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-16 06:04 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-16 06:04 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-16 06:04 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-16 06:04 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-16 06:04 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-16 06:04 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-02-16 06:04 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2008-12-26 05:08 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2008-02-26 17:34 1965672 ----a-w- c:\windows\system32\nvapi.dll
2010-08-31 01:59 . 2008-08-20 20:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"googletalk"="c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-14 2002160]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Steam"="c:\program files\steam2\Steam.exe" [2010-11-21 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-03-15 3274584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-03-25 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-23 01:15 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R3 CFcatchme;CFcatchme;c:\users\Michael\AppData\Local\Temp\CFcatchme.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-04-18 70728]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-13 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2010-11-04 2304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-03-25 03:44:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 10:44
ComboFix2.txt 2011-03-18 22:26
ComboFix3.txt 2011-03-17 02:14
.
Pre-Run: 234,610,765,824 bytes free
Post-Run: 234,504,237,056 bytes free
.
- - End Of File - - 1939FF4583328869B1E089A5961E2E96
 
Your ISP is AT&T in TX. But I notice you installed Tencent on 3/23/2011. You shouldn't be downloading new programs and getting data while I'm trying to clean the system.

Tencent is China's largest and most used Internet service portal. Are you aware of this? Did you install the program?
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\programdata\Tencent
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Local\Tencent
2011-03-23 00:57 . 2011-03-23 00:57 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:33 . 2011-03-23 00:33 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:32 . 2011-03-23 00:57 -------- d-----w- c:\program files\Common Files\Tencent
2011-03-23 00:32 . 2011-03-23 00:54 -------- d-----w- c:\program files\Tencent
2011-03-23 00:32 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Roaming\Tencent
 
Oh, sorry. I was trying to install QQ, an instant messenger often used by people in China, but I uninstalled it now because I have no use of it anymore.
 
Time has gotten away with both of us! Please give me a quick update on the system.

I have just a few things in script for you to run:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\users\Michael\AppData\Local\Temp\CFcatchme.sys
c:\program files\Hotspot Shield\bin\hsswd.exe
Driver::
CFcatchme
HssWd
FileLook::
c:\windows\system32\XDva375.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================================
Click on Start> Run> type in services.msc> Enter> Double click on HssWd (full name is Hotspot Shield Monitoring Service)> Change Startup type to Disabled> Stop the Service> Exit Services.

I'm not going to delete the Service. Should you decide to run it in the future, return to the Services and change the startup type to either Manual or Automatic. When you reboot, the Service should restart.
====================================
Let's make sure the security programs are okay: Security Check

Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Sorry for the late reply.

ComboFix Logs


ComboFix 11-04-08.02 - Michael 9/2011 Sat 4:04.4.4 - x86
Running from: c:\users\Michael\Downloads\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Hotspot Shield\bin\hsswd.exe"
"c:\users\Michael\AppData\Local\Temp\CFcatchme.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CFCATCHME
-------\Service_CFcatchme
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 11:14 . 2011-04-09 11:19 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-04-09 11:14 . 2011-04-09 11:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-04-09 11:14 . 2011-04-09 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 07:14 . 2011-04-01 07:16 -------- d-----w- c:\users\Michael\AppData\Roaming\.minecraft
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\programdata\Tencent
2011-03-23 00:58 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Local\Tencent
2011-03-23 00:57 . 2011-03-23 00:57 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:33 . 2011-03-23 00:33 106496 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-03-23 00:32 . 2011-03-23 00:57 -------- d-----w- c:\program files\Common Files\Tencent
2011-03-23 00:32 . 2011-03-23 00:54 -------- d-----w- c:\program files\Tencent
2011-03-23 00:32 . 2011-03-23 00:58 -------- d-----w- c:\users\Michael\AppData\Roaming\Tencent
2011-03-23 00:32 . 2011-03-23 00:56 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 06:43 . 2011-03-15 06:43 -------- d-----w- c:\users\Michael\AppData\Roaming\Avira
2011-03-15 06:41 . 2011-03-16 23:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\programdata\Avira
2011-03-15 06:41 . 2011-03-15 06:41 -------- d-----w- c:\program files\Avira
2011-03-15 06:41 . 2011-01-10 21:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-15 01:59 . 2011-03-15 01:59 -------- d-----w- C:\Perfect World Entertainment
2011-03-13 23:14 . 2011-03-13 23:14 -------- d-----w- c:\program files\Common Files\Skype
2011-03-11 09:30 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FEF1A64-392F-462E-9B83-7FA1A58AC745}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-21 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-31 01:59 . 2008-08-20 20:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"googletalk"="c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-14 2002160]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Steam"="c:\program files\steam2\Steam.exe" [2010-11-21 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-03-15 3274584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-04-09 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-23 01:15 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-04-18 70728]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-13 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2010-11-04 2304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 04:18
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\cookies.sqlite-journal 9800 bytes
c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\parent.lock 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\conime.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Windows Live\Messenger\wlcsdk.exe
.
**************************************************************************
.
Completion time: 2011-04-09 04:29:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-09 11:29
ComboFix2.txt 2011-03-25 10:44
ComboFix3.txt 2011-03-18 22:26
ComboFix4.txt 2011-03-17 02:14
.
Pre-Run: 231,056,056,320 bytes free
Post-Run: 231,239,839,744 bytes free
.
- - End Of File - - 152D952A739E87EBA76AA24F73C7F7D5

Security Check logs


Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Please run the following Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\users\Michael\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
c:\users\Michael\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
Folder::
c:\programdata\Tencent
c:\users\Michael\AppData\Local\Tencent
c:\program files\Common Files\Tencent
c:\program files\Tencent
c:\users\Michael\AppData\Roaming\Tencent
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please uninstall the following:
Java(TM) 6 Update 20
Java(TM) 6 Update 4
Java(TM) 6 Update 5

Please update the following:
1. Adobe Reader 8.1.2> Visit this Adobe Reader site
2. Windows Vista Service Pack 1 to current SP> Microsoft Download Site. All updates marked Critical and the current SP update.
3. Java: Check here: Java Updates

Have the original problems been resolved?
 
Nope, I still have FPS lag in my games.

Combo Fix Logs

ComboFix 11-04-13.04 - Michael 4/2011 Thu 5:57.5.4 - x86
Running from: c:\users\Michael\Downloads\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Michael\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe"
"c:\users\Michael\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e157.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e158.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e159.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e160.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e161.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e162.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e163.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e164.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e165.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e166.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e167.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e168.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e169.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e170.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e171.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e172.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e173.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e174.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e175.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e176.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e177.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e178.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e179.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e180.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e181.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e182.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e183.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e184.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e185.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e186.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e187.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e188.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e189.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e190.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e191.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e192.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e193.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e194.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e195.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e196.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e197.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e198.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e199.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e200.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e201.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e202.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e203.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\e204.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\theme\default.css
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\theme\default.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\em\theme\default.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\global_mini_portal.css
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\loading.gif
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\mini_portal.css
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\miniportal_hint.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\mod_notepad.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\mod_notepad_op.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\mode_bg.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\mode_edit_blog.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\notepad.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\notepad_bg.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\notepad_tools.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\photo_default.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\qzone.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\qzone_img.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\css\vip_icon_2.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\icon.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\script\common.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\common\script\qzfl.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\blank.htm
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\css\qzBlank.css
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\icon.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\index.htm
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\right.htm
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\script\main.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\notepad\script\portal_editor.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\icon.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\index.htm
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\mini_insert.html
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\script\mini_select_photo.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\script\photo_logic.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\script\swfobject.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\script\upload.js
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\swf\playerProductInstall.swf
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone\qzonepackage\photo\swf\QzoneUploader.swf
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\4\2
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\7\10
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\7\12
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\7\16
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\7\5
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\CSC\2052\7\9
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\EnvirConf.ini
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\LNN\1001.pic
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\LNN\1002.pic
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\LNN\1011.pic
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\LNN\1012.pic
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\LNN\Storage.lnn
c:\users\Michael\AppData\Roaming\Tencent\QQ\Misc\MainMenu\416BC4205C700D6CCA4AAB9C6852786A
c:\users\Michael\AppData\Roaming\Tencent\QQ\SafeBase\tsconfig.dat
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_1\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_1\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_1\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_1\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_1\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_10\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_10\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_10\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_10\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_10\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_13\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_13\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_13\preview.PNG
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_13\recent_preview.PNG
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_13\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_2\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_2\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_2\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_2\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_2\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_3\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_3\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_3\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_3\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_3\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_4\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_4\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_4\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_4\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_4\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_5\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_5\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_5\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_5\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_5\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_6\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_6\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_6\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_6\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_6\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_9\logon_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_9\main.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_9\preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_9\recent_preview.png
c:\users\Michael\AppData\Roaming\Tencent\QQ\Skins\system\1.45_9\themeconfig.xml
c:\users\Michael\AppData\Roaming\Tencent\QQ\STemp\Uninstall\33.07.0.2032.232\QQ.msi
c:\users\Michael\AppData\Roaming\Tencent\QQ\Temp\%Y54%QKY1TOWGC0VX}~X]`U.jpg
c:\users\Michael\AppData\Roaming\Tencent\QQ\Temp\H8[@RSB(_SC]}EQ)~{A$AM1.jpg
c:\users\Michael\AppData\Roaming\Tencent\TXSSO\SetupLogs\setuplog.log
c:\users\Michael\AppData\Roaming\Tencent\TXSSO\SSOConfig\GlobleDB\_SID_0\_UIN_0\txssogbcf.db
c:\users\Michael\AppData\Roaming\Tencent\TXSSO\SSOConfig\GlobleDB\_SID_0\_UIN_0\txssogbcfgt.db
c:\users\Michael\AppData\Roaming\Tencent\TXSSO\SSOConfig\GlobleDB\_SID_1\_UIN_1852516993\txssogbcf.db
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\IM\CustomFaceCache\hash_1.dat
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\Cache.db
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\Misc.db
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\1065840769730bd3b87a5dd402cd12b0.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\1484625373.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\1633363810.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\1896209587.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\2050577284.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\2221444022.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\2262524733.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\246861827.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\2588380532.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\3184545946.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\3309942132.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\3840192251.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\38d1e1365e478395ae7f7779e732e873.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\3976842589.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\3a9153d471a74bd5800418258f717cbf.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\436785886.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\79b0971987ebc668e33b43d593ddd81d.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\917131511.idx
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\98460ee78ae99683bd25debbca8005b9.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\9df977734a17fe0db257d43721f59c69.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\a331c695b2549abf8c5859115a458c73.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\bd9ec7c6964deb94eefab0da9e8837fb.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\c3b2471e5c16b1d931f8f2c69ab89e49.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\cfd2eb8e30a316689a3f338bae65a762.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\~HUN_GV9LVZ4LIV{K[]}5D5.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\5[G6}THCWB_@{W0IJR_N2TP.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\6296Q0F3%08L[81HEW6~)%W.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\7P0YPM($F_8Q1K85Q51Z`21.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\8Y2XQYY_T%777Q25R2~]_2A.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\DFVQ`$[M(1F~2A($ME({]QA.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\HCF~%$3FX0EGQXJJ~L7WFGS.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\JRQP3WB$P`I8DRW91ROVSL6.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\KWKRU2_HK1@3324FQ]R{8MR.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\NIY))P_S4D5{UZ1%LXZ0G%X.tmp.tdl
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\OY6L)MNV31LYSO$%E`ZW79K.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\S2LTYEHX{LA]4UFFJG@RD7C.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\SD8}}SEH9%HF$4I3()I]7CU.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\com.tencent.advertisement\ZDV4_}QYWWOXKGPD6O62ICM.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\db6dbfa11a4c6e33d2d94683432c0a01.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\e510753ab0bb40f516a2000f9ee60b08.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\EWQ$QZ]2R[7KN8HU{EK~LO1.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\f21007c60a652dfbe8eee007fcbec6f2.tpt
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\RichOle\5RSSNE7}LPU]}M{2BDMSZ_E.jpg
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\TV1EZC9]O{S%J]$M%J8R~U3.tmp
c:\users\Michael\AppData\Roaming\Tencent\Users\1852516993\QQ\WinTemp\XWF2`J37I{30K@{7F]I7W7R.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 13:08 . 2011-04-14 13:11 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-04-14 13:08 . 2011-04-14 13:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-04-14 13:08 . 2011-04-14 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 07:14 . 2011-04-01 07:16 -------- d-----w- c:\users\Michael\AppData\Roaming\.minecraft
2011-03-23 00:32 . 2011-03-23 00:56 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 23:18 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 23:18 . 2011-03-15 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 23:12 . 2011-03-15 06:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-11 06:54 . 2011-03-11 09:30 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FEF1A64-392F-462E-9B83-7FA1A58AC745}\mpengine.dll
2011-02-03 01:11 . 2009-11-21 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-31 01:59 . 2008-08-20 20:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-03-15 3274584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-04-14 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 22:41 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-01-23 01:15 3046808 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-21 05:28 1242448 ----a-w- c:\program files\steam2\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-14 10:10 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-17 19:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f610cba8061f;Google Update Service (gupdate1c9f610cba8061f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [2010-04-18 70728]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-13 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2010-11-04 2304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 03:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {56AE0D82-F326-430B-A969-118E73D932B3} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6vkuwr3k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wordsmith.org/
FF - prefs.js: keyword.URL - hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={28CE2055-8015-4796-A589-884C3F057463}&Version=3.6.3&Vintage=20100209&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6693&searchterm=
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref(dom.disable_open_during_load, true); FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 06:10
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-04-14 06:21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-14 13:21
ComboFix2.txt 2011-04-09 11:29
ComboFix3.txt 2011-03-25 10:44
ComboFix4.txt 2011-03-18 22:26
ComboFix5.txt 2011-04-14 12:54
.
Pre-Run: 221,614,641,152 bytes free
Post-Run: 221,850,193,920 bytes free
.
- - End Of File - - 6CA2B29AB34448482512F8840B1241C5
 
We have removed many files from the system. I don't see anything indicating malware. Since this problem is specific to the games, I think you will need to check the settings involved in games only: For instance, try increasing the Refresh Rate.

Some other suggestions:
1. Open perfmon and set counters for CPU and memory utilization. Then monitor hard disk reads and writes/sec. Then play a game for a while. Write down on a piece of paper what time on your system clock the slowdowns occur, then examine the perfmon data during those times.

2. Have you updated the video card drivers?

3. Check in windows task manager and it will tell you exactly how much available RAM you really have to use on your system after what is being used for the Vista OS.

4. Is the paging file set correctly? That's the file on your hard disk that your system uses as memory when your true memory runs out. If that's slow then you will experience problems like you're describing.

5. One happy user found the problem was the motherboard- it couldn't handle other components. Replacing it with one of higher quality, reformatting, and reinstalling Vista and all the drivers solved the problem.
=====================================
Games can be very resource intensive- some more than others. So having as much of the system resources free will help: You have many unnecessary processes starting on boot. Unchecking these will free up resources:
To remove entries from the Startup Menu using the msconfig utility:
  1. Click on the Vista start icon in the bottom left corner of your screen.
  2. Type MSCONFIG in the search box > press enter
  3. Vista asks you for permission to continue: If not logged on, enter Administrator Name & Password. If logged on as Administrator, you will be asked if you want to continue > Click on Yes.
  4. Follow any prompts to pass through the UAC.
  5. Click on Selective Startup
  6. Choose the Startup tab:

    Images Courtesy NetSquirrel
  7. Windows' essential programs in Vista are loaded through "Windows Services." So most of the startup items you see are optional and can be turned off. The exceptions are: AV program, 3rd party firewall if using one, Touchpad process for laptop and network process if any.
  8. To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  9. Uncheck any unneeded processes
  10. Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
======================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
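
The counter logging described in suggestion 1 above can be scripted so the data around each slowdown is kept with timestamps. This is an added example, not part of the original reply; it assumes PowerShell 2.0 or later (for Get-Counter) and English counter names, and the log path, function names and the sample time are made up for illustration.

```powershell
# Added example: log the counters from suggestion 1, then pull the samples
# recorded around a slowdown time that was noted while playing.
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\Paging File(_Total)\% Usage',
    '\PhysicalDisk(_Total)\Disk Reads/sec',
    '\PhysicalDisk(_Total)\Disk Writes/sec'
)
$log = "$env:USERPROFILE\Desktop\game-perf.csv"   # assumed output location

function Start-PerfLog {
    param([int]$IntervalSec = 5, [int]$Minutes = 60)
    $samples = [int](($Minutes * 60) / $IntervalSec)
    Get-Counter -Counter $counters -SampleInterval $IntervalSec -MaxSamples $samples |
        ForEach-Object {
            # One CSV row per sample set: timestamp plus one column per counter
            $row = New-Object PSObject
            $row | Add-Member NoteProperty Time $_.Timestamp.ToString('s')
            foreach ($s in $_.CounterSamples) {
                # Path looks like \\HOST\processor(_total)\% processor time
                $name = ($s.Path -split '\\', 4)[3]
                $row | Add-Member NoteProperty $name ([math]::Round($s.CookedValue, 1))
            }
            $row
        } | Export-Csv -Path $log -NoTypeInformation
}

function Get-PerfWindow {
    # Return the logged samples within +/- MarginMin minutes of a noted time
    param([datetime]$At, [int]$MarginMin = 3)
    Import-Csv -Path $log | Where-Object {
        $t = [datetime]$_.Time
        $t -ge $At.AddMinutes(-$MarginMin) -and $t -le $At.AddMinutes($MarginMin)
    }
}

# Usage (the time below is a constructed example):
#   Start-PerfLog -Minutes 90        # start this, then launch the game
#   Get-PerfWindow -At '2011-04-14 21:35' | Format-Table -AutoSize
```

Low "Available MBytes" together with rising "Paging File % Usage" and disk reads/writes during the slow window points at the memory and paging-file questions in suggestions 3 and 4; a flat profile points elsewhere, such as the video driver.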
 