
Nod32 keep showing Kryptik.AAQ


This topic is locked. 12 replies to this topic.

#1 zenyora (Members, 8 posts)

Posted 10 April 2010 - 08:33 PM

Hey guys,
For the past day or so I have been going crazy over this. Every once in a while I keep getting something like this (the log below) on mostly anything I try to download:
*************************************
4/9/2010 7:29:15 PM Real-time file system protection file C:\Users\AX2\Downloads\Sophos Endpoint Protection v.7_2008\InstallSophos7.exe a variant of Win32/Kryptik.YI trojan cleaned by deleting - quarantined
4/9/2010 6:09:48 PM Real-time file system protection file C:\Users\AX2\Downloads\Tango- When Electronica Meets Tango\09 McDougall Tango.mp3 a variant of Win32/Kryptik.AAQ trojan
4/9/2010 6:50:43 AM Real-time file system protection file C:\Users\AX2\Downloads\Portable Trillian Astra Pro 4.1.0.23\Data\Virtual\SXS\Microsoft.VC90.CRT@9.0.21022.8\msvcp90.dll a variant of Win32/Kryptik.AAQ trojan cleaned by deleting - quarantined
4/9/2010 6:49:56 AM Real-time file system protection file C:\Users\AX2\Downloads\PCTools Registry Mechanic v9.0.0\PCTools Registry Mechanic v9.0.0.zip a variant of Win32/Kryptik.AAQ trojan cleaned by deleting - quarantined
4/9/2010 6:39:52 AM Real-time file system protection file C:\$RECYCLE.BIN\S-1-5-21-3360690967-152311605-3406000596-1001\$RZDYFKE.exe a variant of Win32/Injector.AXP trojan cleaned by deleting - quarantined
*************************************

I followed the guide posted on your forums and others, but it shows that everything is clean, yet I keep getting the same thing from NOD32. This is on a fresh install of Windows 7; all I did was format, reinstall and restore my backup files. I attached my DDS file. GMER gives me an error when I try to start it and most of the options are grayed out, so any help would be great. Cheers

Attached Files

  • Attached File  DDS.txt   17.19KB   12 downloads

Edited by zenyora, 10 April 2010 - 08:35 PM.
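The NOD32 lines quoted in the post, run through a small log parser as an added example (not code from the original post or from ESET): it groups the detections by malware family, by where the file lived on disk, and by whether NOD32 quarantined the file or only reported it. The five sample lines are copied from the post; the line layout the regex expects and the directory classes are this example's own assumptions, not ESET documentation.

```python
"""Summarise ESET NOD32 real-time protection log lines.

Added example; not code from the original post or from ESET. The regex
assumes the layout "<timestamp> <module> file <path> <threat> [<action>]"
seen in the quoted lines; that layout is an assumption, not documentation.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the five detection lines quoted in the post.
SAMPLE_LOG = r"""
4/9/2010 7:29:15 PM Real-time file system protection file C:\Users\AX2\Downloads\Sophos Endpoint Protection v.7_2008\InstallSophos7.exe a variant of Win32/Kryptik.YI trojan cleaned by deleting - quarantined
4/9/2010 6:09:48 PM Real-time file system protection file C:\Users\AX2\Downloads\Tango- When Electronica Meets Tango\09 McDougall Tango.mp3 a variant of Win32/Kryptik.AAQ trojan
4/9/2010 6:50:43 AM Real-time file system protection file C:\Users\AX2\Downloads\Portable Trillian Astra Pro 4.1.0.23\Data\Virtual\SXS\Microsoft.VC90.CRT@9.0.21022.8\msvcp90.dll a variant of Win32/Kryptik.AAQ trojan cleaned by deleting - quarantined
4/9/2010 6:49:56 AM Real-time file system protection file C:\Users\AX2\Downloads\PCTools Registry Mechanic v9.0.0\PCTools Registry Mechanic v9.0.0.zip a variant of Win32/Kryptik.AAQ trojan cleaned by deleting - quarantined
4/9/2010 6:39:52 AM Real-time file system protection file C:\$RECYCLE.BIN\S-1-5-21-3360690967-152311605-3406000596-1001\$RZDYFKE.exe a variant of Win32/Injector.AXP trojan cleaned by deleting - quarantined
"""

# Path is anchored on a drive letter so the lazy module group cannot stop
# at the word "file" inside "Real-time file system protection".
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>.+?) file (?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?\S+ (?:trojan|worm|virus|backdoor))"
    r"(?: (?P<action>.+))?$"
)


def classify(path):
    """Coarse bucket for where the detected file lived (assumed categories)."""
    p = path.lower()
    if "\\downloads\\" in p:
        return "user downloads"
    if "\\$recycle.bin\\" in p:
        return "recycle bin"
    if p.startswith("c:\\windows\\") or "\\program files" in p:
        return "system or program files"
    return "other"


def parse_line(line):
    """Parse one log line into a dict, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = re.search(r"\S+/\S+", m["threat"]).group(0)  # e.g. Win32/Kryptik.AAQ
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "path": m["path"],
        "threat": name,
        "family": name.rsplit(".", 1)[0],  # variant suffix dropped: Win32/Kryptik
        # A line with no trailing action was reported but not quarantined.
        "quarantined": bool(m["action"] and "quarantined" in m["action"]),
        "location": classify(m["path"]),
    }


def summarise(log_text):
    """Aggregate detections by family and location; list the odd ones out."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "events": len(events),
        "families": dict(Counter(e["family"] for e in events)),
        "locations": dict(Counter(e["location"] for e in events)),
        "detected_only": [e["path"] for e in events if not e["quarantined"]],
        "outside_user_dirs": [
            e["path"] for e in events
            if e["location"] not in ("user downloads", "recycle bin")
        ],
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"{s['events']} detections; families: {s['families']}")
    print(f"locations: {s['locations']}")
    print(f"reported but not quarantined: {s['detected_only']}")
    print(f"hits outside user-controlled folders: {s['outside_user_dirs']}")
```

On the five quoted lines every hit sits under the user's Downloads folder or the recycle bin and none under Windows or Program Files, and the mp3 is the only file NOD32 reported without quarantining; that is the split a helper wants before deciding whether the restored backup or the running system is the source.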



#2 zenyora (Topic Starter)

Posted 11 April 2010 - 08:03 PM

friendly bump

#3 Blade (Site Admin, 12,704 posts)

Posted 13 April 2010 - 10:44 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#4 zenyora (Topic Starter)

Posted 17 April 2010 - 10:52 AM

Thank you very much for the reply. I'll be doing this shortly and posting back.

#5 zenyora (Topic Starter)

Posted 17 April 2010 - 10:56 AM

DDS file attached

DDS (Ver_10-03-17.01) - NTFSX64
Run by AX2 at 10:54:23.78 on Sat 04/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.6284 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AX2\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [AdobeBridge]
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

================= FIREFOX ===================

FF - ProfilePath - c:\users\ax2\appdata\roaming\mozilla\firefox\profiles\fbnu4227.default\
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-12 54480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.EXE [2010-4-14 72192]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-4-9 632792]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-12 6245744]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-4-12 1436424]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B922.tmp [2010-4-9 6144]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-9 1255736]

=============== Created Last 30 ================

2010-04-15 06:01:24 0 d-----w- c:\users\ax2\appdata\roaming\Mask Pro 4.0
2010-04-15 05:41:50 0 d-----w- c:\users\ax2\appdata\roaming\onOne Software
2010-04-15 05:37:36 0 d-----w- c:\programdata\onOne Software
2010-04-15 05:37:30 61440 ----a-w- c:\windows\syswow64\nlssrv32.exe
2010-04-15 05:37:30 57344 ----a-w- c:\windows\syswow64\ASTSRV.EXE
2010-04-15 05:37:27 72192 ----a-w- c:\windows\system32\nlsInterface.EXE
2010-04-15 05:37:27 0 d-----w- c:\program files (x86)\onOne Software
2010-04-14 23:00:49 0 d-----w- c:\programdata\Sun
2010-04-14 22:48:00 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-04-14 22:48:00 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-14 22:48:00 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-14 22:48:00 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-14 11:18:10 0 d-----w- c:\program files (x86)\common files\Alias Shared
2010-04-14 11:17:50 0 d-----w- c:\program files (x86)\Autodesk
2010-04-14 11:13:01 0 d-----w- c:\program files\common files\Autodesk Shared
2010-04-14 11:10:26 0 d-----w- c:\program files\Autodesk
2010-04-14 05:12:23 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-04-14 05:12:23 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-04-14 05:12:23 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-04-14 05:12:23 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-04-14 05:12:20 0 d-----w- c:\program files (x86)\Real Alternative
2010-04-14 04:20:15 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 04:20:15 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 04:20:13 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 04:20:11 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-04-14 04:20:10 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-04-14 04:20:09 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 04:20:09 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 04:20:09 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 03:49:24 1749 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-04-14 03:28:07 107864 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-04-14 03:28:05 0 d-----w- c:\windows\syswow64\QuickTime
2010-04-14 03:28:03 0 d-----w- c:\programdata\TechSmith
2010-04-14 03:27:48 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-04-13 22:51:37 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 22:51:36 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-13 22:51:36 139264 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 22:51:35 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-13 01:36:00 0 d-----w- c:\users\ax2\appdata\roaming\WTablet
2010-04-13 01:35:55 9056624 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-04-13 01:35:55 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
2010-04-13 01:35:55 0 d-----w- c:\program files (x86)\TabletPlugins
2010-04-13 01:35:52 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-13 01:35:43 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-13 01:35:37 0 d-----w- c:\windows\system32\WTablet
2010-04-13 01:35:33 6245744 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-04-13 01:35:33 488816 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-04-13 01:35:33 415600 ----a-w- c:\windows\syswow64\Wacom_Tablet.dll
2010-04-13 01:35:33 359424 ----a-w- c:\windows\system32\Wintab32.dll
2010-04-13 01:35:33 294400 ----a-w- c:\windows\syswow64\Wintab32.dll
2010-04-13 01:35:31 0 d-----w- c:\program files (x86)\Tablet
2010-04-13 00:49:38 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 00:49:25 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-04-13 00:49:06 0 d-----w- c:\users\ax2\appdata\roaming\DAEMON Tools Lite
2010-04-13 00:49:04 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-13 00:48:22 0 d-----w- c:\programdata\Apple Computer
2010-04-13 00:47:31 0 d-----w- c:\programdata\Apple
2010-04-12 21:40:42 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-12 21:40:42 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-12 14:38:42 0 d-----w- c:\program files (x86)\Pixologic
2010-04-12 14:30:24 0 d-----w- c:\users\ax2\appdata\roaming\Autodesk
2010-04-12 14:29:10 0 d-----w- c:\users\ax2\Adlm
2010-04-12 14:13:50 0 d-----w- c:\programdata\Autodesk
2010-04-12 14:11:19 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-12 14:11:19 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-04-12 13:45:56 0 d-----w- c:\program files\Realtek
2010-04-12 13:45:44 0 d-----w- c:\program files (x86)\Realtek
2010-04-12 11:57:12 78936 ----a-w- c:\windows\system32\MBWrp64.dll
2010-04-12 11:57:12 1631264 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-04-12 11:57:08 0 d--h--w- c:\program files (x86)\Temp
2010-04-12 11:50:54 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-04-12 11:50:22 0 d-----w- C:\Intel
2010-04-12 11:39:42 0 d-----w- c:\programdata\FLEXnet
2010-04-12 09:34:05 0 d-----w- c:\program files\Adobe
2010-04-12 09:29:21 0 d-----w- c:\programdata\ALM
2010-04-12 09:24:18 54480 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-04-12 09:24:17 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-04-12 09:07:06 0 d-----w- c:\windows\syswow64\spool
2010-04-12 09:06:08 0 d-----w- c:\programdata\Adobe
2010-04-12 09:04:14 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-12 09:04:13 0 d-----w- c:\program files\common files\Adobe
2010-04-12 09:01:57 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-04-11 12:09:35 0 d-----w- c:\windows\system32\appmgmt
2010-04-11 12:04:15 0 d-----w- c:\users\ax2\appdata\roaming\FreeAudioPack
2010-04-11 12:04:15 0 d-----w- c:\program files (x86)\Free Audio Pack
2010-04-11 06:34:29 0 d-----w- c:\programdata\SRS Labs
2010-04-11 06:34:05 346992 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_amd64.sys
2010-04-11 06:34:01 0 d-----w- c:\program files\SRS Labs
2010-04-10 05:17:00 0 d-----w- c:\program files (x86)\SoundSpectrum
2010-04-10 04:36:43 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-04-10 04:36:32 215128 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-04-10 04:36:27 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-04-10 02:40:55 0 d-----w- c:\program files (x86)\TrendMicro
2010-04-10 02:17:58 6144 ------w- c:\windows\system32\B922.tmp
2010-04-10 02:15:16 6144 ------w- c:\windows\system32\3EC4.tmp
2010-04-10 02:14:59 0 d-----w- c:\program files (x86)\Sophos
2010-04-10 01:46:06 0 d-----w- c:\users\ax2\DoctorWeb
2010-04-10 01:27:39 0 d-----w- c:\windows\pss
2010-04-09 20:54:48 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-09 17:08:56 0 d-----w- c:\programdata\NVIDIA
2010-04-09 17:07:42 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-04-09 17:07:17 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-09 17:06:29 9832 ----a-w- c:\windows\system32\nvinfo.pb
2010-04-09 16:57:41 0 d-----w- C:\Fraps
2010-04-09 16:57:24 0 d-----w- c:\program files (x86)\Phyxion.net
2010-04-09 16:52:57 0 d-----w- c:\users\ax2\appdata\roaming\DisplayFusion
2010-04-09 16:51:58 0 d-----w- c:\program files (x86)\DisplayFusion
2010-04-09 16:48:02 20 ----a-w- c:\windows\system32\PDBootState
2010-04-09 15:36:57 65536 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TM.blf
2010-04-09 15:36:57 524288 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TMContainer00000000000000000002.regtrans-ms
2010-04-09 15:36:57 524288 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TMContainer00000000000000000001.regtrans-ms
2010-04-09 15:35:01 0 d-----w- c:\users\ax2\appdata\roaming\Registry Mechanic
2010-04-09 15:34:59 0 --sha-w- c:\users\ax2\S-1-5-21-3360690967-152311605-3406000596-1001.rrr.LOG2
2010-04-09 15:34:59 0 --sha-w- c:\users\ax2\S-1-5-21-3360690967-152311605-3406000596-1001.rrr.LOG1
2010-04-09 15:32:26 0 d---a-w- c:\programdata\TEMP
2010-04-09 15:32:10 880640 ----a-w- c:\windows\syswow64\UniBox10.ocx
2010-04-09 15:32:10 506368 ----a-w- c:\windows\syswow64\msxml.dll
2010-04-09 15:32:10 212992 ----a-w- c:\windows\syswow64\UniBoxVB12.ocx
2010-04-09 15:32:10 1101824 ----a-w- c:\windows\syswow64\UniBox210.ocx
2010-04-09 15:32:10 1081616 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
2010-04-09 15:32:04 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-09 15:29:45 0 d-----w- c:\program files (x86)\CCleaner
2010-04-09 14:27:51 0 d-----w- c:\users\ax2\AdobeLicensingFilesBackup
2010-04-09 14:27:46 0 d-----w- c:\users\ax2\Games
2010-04-09 14:07:35 0 d-----w- c:\windows\syswow64\Wat
2010-04-09 14:07:35 0 d-----w- c:\windows\system32\Wat
2010-04-09 14:04:43 0 d-----w- c:\users\ax2\appdata\roaming\Malwarebytes
2010-04-09 14:04:38 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 14:04:38 0 d-----w- c:\programdata\Malwarebytes
2010-04-09 14:04:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-09 14:02:44 0 d-----w- c:\users\ax2\appdata\roaming\Trillian
2010-04-09 13:41:34 0 d-----w- c:\programdata\Raxco
2010-04-09 13:41:33 0 d-----w- c:\program files\Raxco
2010-04-09 13:41:04 0 d-----w- c:\program files (x86)\Raxco
2010-04-09 13:38:46 0 d-----w- c:\windows\Panther
2010-04-09 13:38:41 45056 ----a-w- c:\windows\syswow64\wnaspi32.dll
2010-04-09 13:38:41 4244744 ----a-w- c:\windows\syswow64\qtp-mt334.dll
2010-04-09 13:38:41 247560 ----a-w- c:\windows\syswow64\prgiso.dll
2010-04-09 13:38:22 0 d-----w- c:\program files (x86)\Paragon Software
2010-04-09 13:37:26 0 d-----w- c:\programdata\Genie-Soft
2010-04-09 13:36:41 0 d-----w- c:\program files\WinRAR
2010-04-09 13:34:56 0 d-----w- c:\users\ax2\appdata\roaming\Genie-Soft
2010-04-09 13:34:28 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-04-09 13:34:18 0 d-----w- c:\program files (x86)\Genie-Soft
2010-04-09 13:29:06 0 d-----w- c:\programdata\ESET
2010-04-09 13:29:06 0 d-----w- c:\program files\ESET
2010-04-09 13:26:03 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-09 13:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-09 13:24:04 0 d-----w- c:\windows\syswow64\Macromed
2010-04-09 13:19:04 0 d-sh--w- c:\windows\Installer
2010-04-09 13:18:27 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-09 13:18:27 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-04-09 13:16:25 76092 ----a-w- c:\windows\system32\perfc001.dat
2010-04-09 13:16:25 637794 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 13:16:25 434950 ----a-w- c:\windows\system32\perfh001.dat
2010-04-09 13:16:25 42056 ----a-w- c:\windows\system32\perfd001.dat
2010-04-09 13:16:25 38160 ----a-w- c:\windows\system32\perfd00C.dat
2010-04-09 13:16:25 344522 ----a-w- c:\windows\system32\perfi00C.dat
2010-04-09 13:16:25 289060 ----a-w- c:\windows\system32\perfi001.dat
2010-04-09 13:16:25 107650 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-09 13:07:59 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-04-09 13:01:39 3 ----a-w- c:\windows\7Loader.TAG
2010-04-09 12:51:45 0 d-----w- c:\program files (x86)\uTorrent
2010-04-09 12:51:24 0 d-----w- c:\users\ax2\appdata\roaming\uTorrent
2010-03-31 06:00:46 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2010-03-31 06:00:44 84992 ----a-w- c:\windows\system32\frapsv64.dll

==================== Find3M ====================

2010-04-09 13:15:27 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2010-04-09 13:15:27 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2010-04-09 13:15:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2010-04-09 13:15:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2010-04-09 13:15:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2010-04-09 13:15:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2010-04-09 13:15:27 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2010-04-09 13:15:27 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2010-03-16 09:53:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-03-16 09:53:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 09:53:00 14828648 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 09:53:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 09:53:00 1067624 ----a-w- c:\windows\system32\nvsvc64.dll
2010-02-24 17:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-26 21:09:26 260872 ----a-w- c:\windows\system32\PDBoot.exe
2010-01-25 05:38:44 47912 ----a-w- c:\windows\system32\wacomwucoinst3.dll
2010-01-19 11:10:12 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-01-19 11:10:06 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-01-19 11:10:04 1814560 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-01-19 11:10:00 477216 ----a-w- c:\windows\system32\RtkApi64.dll
2010-01-19 11:10:00 1206304 ----a-w- c:\windows\system32\RTCOM64.dll
2010-01-19 11:09:54 68640 ----a-w- c:\windows\system32\RCoInst64.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:54:42.89 ===============

Edited by Blade Zephon, 18 April 2010 - 06:46 AM.
Posted content of log into thread to facilitate analysis. Please do not attach logs unless the board will not permit you to paste them directly. Thanks!!!


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:05:24 PM

Posted 18 April 2010 - 06:44 AM

Hello zenyora.

You missed part of the DDS report. Please note that two logs should appear upon the completion of DDS. One is titled "DDS.txt" and the other "Attach.txt".

Please re-run DDS and post me both logs.

Thanks

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#7 zenyora

zenyora
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 18 April 2010 - 06:57 AM

Sorry about that, I have attached both files. Thanks again for the help.

DDS (Ver_10-03-17.01) - NTFSX64
Run by AX2 at 6:58:35.15 on Sun 04/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.6574 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\AX2\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [AdobeBridge]
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

================= FIREFOX ===================

FF - ProfilePath - c:\users\ax2\appdata\roaming\mozilla\firefox\profiles\fbnu4227.default\
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-12 54480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.EXE [2010-4-14 72192]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-4-9 632792]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-4-12 6245744]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-4-12 1436424]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B922.tmp [2010-4-9 6144]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-9 1255736]

=============== Created Last 30 ================

2010-04-18 07:45:42 7680 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-04-18 07:45:42 547 ----a-w- c:\windows\syswow64\ff_vfw.dll.manifest
2010-04-18 07:45:41 60273 ----a-w- c:\windows\syswow64\pthreadGC2.dll
2010-04-18 07:45:39 0 d-----w- c:\program files (x86)\ffdshow
2010-04-18 07:45:14 0 d-----w- c:\program files (x86)\TVersity Codec Pack
2010-04-18 07:45:00 0 d-----w- c:\program files (x86)\TVersity
2010-04-15 06:01:24 0 d-----w- c:\users\ax2\appdata\roaming\Mask Pro 4.0
2010-04-15 05:41:50 0 d-----w- c:\users\ax2\appdata\roaming\onOne Software
2010-04-15 05:37:36 0 d-----w- c:\programdata\onOne Software
2010-04-15 05:37:30 61440 ----a-w- c:\windows\syswow64\nlssrv32.exe
2010-04-15 05:37:30 57344 ----a-w- c:\windows\syswow64\ASTSRV.EXE
2010-04-15 05:37:27 72192 ----a-w- c:\windows\system32\nlsInterface.EXE
2010-04-15 05:37:27 0 d-----w- c:\program files (x86)\onOne Software
2010-04-14 23:00:49 0 d-----w- c:\programdata\Sun
2010-04-14 22:48:00 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-04-14 22:48:00 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-14 22:48:00 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-14 22:48:00 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-14 11:18:10 0 d-----w- c:\program files (x86)\common files\Alias Shared
2010-04-14 11:17:50 0 d-----w- c:\program files (x86)\Autodesk
2010-04-14 11:13:01 0 d-----w- c:\program files\common files\Autodesk Shared
2010-04-14 11:10:26 0 d-----w- c:\program files\Autodesk
2010-04-14 05:12:23 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-04-14 05:12:23 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-04-14 05:12:23 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-04-14 05:12:23 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-04-14 05:12:20 0 d-----w- c:\program files (x86)\Real Alternative
2010-04-14 04:20:15 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 04:20:15 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 04:20:13 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 04:20:11 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-04-14 04:20:10 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-04-14 04:20:09 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 04:20:09 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 04:20:09 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 03:49:24 1749 ----a-w- c:\windows\system32\Wacom_Tablet.dat
2010-04-14 03:28:07 107864 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-04-14 03:28:05 0 d-----w- c:\windows\syswow64\QuickTime
2010-04-14 03:28:03 0 d-----w- c:\programdata\TechSmith
2010-04-14 03:27:48 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-04-13 22:51:37 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 22:51:36 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-13 22:51:36 139264 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 22:51:35 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-13 01:36:00 0 d-----w- c:\users\ax2\appdata\roaming\WTablet
2010-04-13 01:35:55 9056624 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-04-13 01:35:55 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
2010-04-13 01:35:55 0 d-----w- c:\program files (x86)\TabletPlugins
2010-04-13 01:35:52 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-13 01:35:43 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-13 01:35:37 0 d-----w- c:\windows\system32\WTablet
2010-04-13 01:35:33 6245744 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-04-13 01:35:33 488816 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-04-13 01:35:33 415600 ----a-w- c:\windows\syswow64\Wacom_Tablet.dll
2010-04-13 01:35:33 359424 ----a-w- c:\windows\system32\Wintab32.dll
2010-04-13 01:35:33 294400 ----a-w- c:\windows\syswow64\Wintab32.dll
2010-04-13 01:35:31 0 d-----w- c:\program files (x86)\Tablet
2010-04-13 00:49:38 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-13 00:49:25 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-04-13 00:49:06 0 d-----w- c:\users\ax2\appdata\roaming\DAEMON Tools Lite
2010-04-13 00:49:04 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-13 00:48:22 0 d-----w- c:\programdata\Apple Computer
2010-04-13 00:47:31 0 d-----w- c:\programdata\Apple
2010-04-12 21:40:42 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-12 21:40:42 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-12 14:38:42 0 d-----w- c:\program files (x86)\Pixologic
2010-04-12 14:30:24 0 d-----w- c:\users\ax2\appdata\roaming\Autodesk
2010-04-12 14:29:10 0 d-----w- c:\users\ax2\Adlm
2010-04-12 14:13:50 0 d-----w- c:\programdata\Autodesk
2010-04-12 14:11:19 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-12 14:11:19 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-04-12 13:45:56 0 d-----w- c:\program files\Realtek
2010-04-12 13:45:44 0 d-----w- c:\program files (x86)\Realtek
2010-04-12 11:57:12 78936 ----a-w- c:\windows\system32\MBWrp64.dll
2010-04-12 11:57:12 1631264 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-04-12 11:57:08 0 d--h--w- c:\program files (x86)\Temp
2010-04-12 11:50:54 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-04-12 11:50:22 0 d-----w- C:\Intel
2010-04-12 11:39:42 0 d-----w- c:\programdata\FLEXnet
2010-04-12 09:34:05 0 d-----w- c:\program files\Adobe
2010-04-12 09:29:21 0 d-----w- c:\programdata\ALM
2010-04-12 09:24:18 54480 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-04-12 09:24:17 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-04-12 09:07:06 0 d-----w- c:\windows\syswow64\spool
2010-04-12 09:06:08 0 d-----w- c:\programdata\Adobe
2010-04-12 09:04:14 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-12 09:04:13 0 d-----w- c:\program files\common files\Adobe
2010-04-12 09:01:57 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-04-11 12:09:35 0 d-----w- c:\windows\system32\appmgmt
2010-04-11 12:04:15 0 d-----w- c:\users\ax2\appdata\roaming\FreeAudioPack
2010-04-11 12:04:15 0 d-----w- c:\program files (x86)\Free Audio Pack
2010-04-11 06:34:29 0 d-----w- c:\programdata\SRS Labs
2010-04-11 06:34:05 346992 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_amd64.sys
2010-04-11 06:34:01 0 d-----w- c:\program files\SRS Labs
2010-04-10 05:17:00 0 d-----w- c:\program files (x86)\SoundSpectrum
2010-04-10 04:36:43 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-04-10 04:36:32 215128 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-04-10 04:36:27 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-04-10 02:40:55 0 d-----w- c:\program files (x86)\TrendMicro
2010-04-10 02:17:58 6144 ------w- c:\windows\system32\B922.tmp
2010-04-10 02:15:16 6144 ------w- c:\windows\system32\3EC4.tmp
2010-04-10 02:14:59 0 d-----w- c:\program files (x86)\Sophos
2010-04-10 01:46:06 0 d-----w- c:\users\ax2\DoctorWeb
2010-04-10 01:27:39 0 d-----w- c:\windows\pss
2010-04-09 20:54:48 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-09 17:08:56 0 d-----w- c:\programdata\NVIDIA
2010-04-09 17:07:42 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-04-09 17:07:17 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-09 17:06:29 9832 ----a-w- c:\windows\system32\nvinfo.pb
2010-04-09 16:57:41 0 d-----w- C:\Fraps
2010-04-09 16:57:24 0 d-----w- c:\program files (x86)\Phyxion.net
2010-04-09 16:52:57 0 d-----w- c:\users\ax2\appdata\roaming\DisplayFusion
2010-04-09 16:51:58 0 d-----w- c:\program files (x86)\DisplayFusion
2010-04-09 16:48:02 20 ----a-w- c:\windows\system32\PDBootState
2010-04-09 15:36:57 65536 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TM.blf
2010-04-09 15:36:57 524288 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TMContainer00000000000000000002.regtrans-ms
2010-04-09 15:36:57 524288 --sha-w- c:\users\ax2\NTUSER.DAT{d7d687c4-43e3-11df-9d37-001fd081348a}.TMContainer00000000000000000001.regtrans-ms
2010-04-09 15:35:01 0 d-----w- c:\users\ax2\appdata\roaming\Registry Mechanic
2010-04-09 15:34:59 0 --sha-w- c:\users\ax2\S-1-5-21-3360690967-152311605-3406000596-1001.rrr.LOG2
2010-04-09 15:34:59 0 --sha-w- c:\users\ax2\S-1-5-21-3360690967-152311605-3406000596-1001.rrr.LOG1
2010-04-09 15:32:26 0 d---a-w- c:\programdata\TEMP
2010-04-09 15:32:10 880640 ----a-w- c:\windows\syswow64\UniBox10.ocx
2010-04-09 15:32:10 506368 ----a-w- c:\windows\syswow64\msxml.dll
2010-04-09 15:32:10 212992 ----a-w- c:\windows\syswow64\UniBoxVB12.ocx
2010-04-09 15:32:10 1101824 ----a-w- c:\windows\syswow64\UniBox210.ocx
2010-04-09 15:32:10 1081616 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
2010-04-09 15:32:04 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-09 15:29:45 0 d-----w- c:\program files (x86)\CCleaner
2010-04-09 14:27:51 0 d-----w- c:\users\ax2\AdobeLicensingFilesBackup
2010-04-09 14:27:46 0 d-----w- c:\users\ax2\Games
2010-04-09 14:07:35 0 d-----w- c:\windows\syswow64\Wat
2010-04-09 14:07:35 0 d-----w- c:\windows\system32\Wat
2010-04-09 14:04:43 0 d-----w- c:\users\ax2\appdata\roaming\Malwarebytes
2010-04-09 14:04:38 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 14:04:38 0 d-----w- c:\programdata\Malwarebytes
2010-04-09 14:04:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-09 14:02:44 0 d-----w- c:\users\ax2\appdata\roaming\Trillian
2010-04-09 13:41:34 0 d-----w- c:\programdata\Raxco
2010-04-09 13:41:33 0 d-----w- c:\program files\Raxco
2010-04-09 13:41:04 0 d-----w- c:\program files (x86)\Raxco
2010-04-09 13:38:46 0 d-----w- c:\windows\Panther
2010-04-09 13:38:41 45056 ----a-w- c:\windows\syswow64\wnaspi32.dll
2010-04-09 13:38:41 4244744 ----a-w- c:\windows\syswow64\qtp-mt334.dll
2010-04-09 13:38:41 247560 ----a-w- c:\windows\syswow64\prgiso.dll
2010-04-09 13:38:22 0 d-----w- c:\program files (x86)\Paragon Software
2010-04-09 13:37:26 0 d-----w- c:\programdata\Genie-Soft
2010-04-09 13:36:41 0 d-----w- c:\program files\WinRAR
2010-04-09 13:34:56 0 d-----w- c:\users\ax2\appdata\roaming\Genie-Soft
2010-04-09 13:34:28 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-04-09 13:34:18 0 d-----w- c:\program files (x86)\Genie-Soft
2010-04-09 13:29:06 0 d-----w- c:\programdata\ESET
2010-04-09 13:29:06 0 d-----w- c:\program files\ESET
2010-04-09 13:26:03 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-09 13:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-09 13:24:04 0 d-----w- c:\windows\syswow64\Macromed
2010-04-09 13:19:04 0 d-sh--w- c:\windows\Installer
2010-04-09 13:18:27 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-09 13:18:27 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-04-09 13:16:25 76092 ----a-w- c:\windows\system32\perfc001.dat
2010-04-09 13:16:25 637794 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 13:16:25 434950 ----a-w- c:\windows\system32\perfh001.dat
2010-04-09 13:16:25 42056 ----a-w- c:\windows\system32\perfd001.dat
2010-04-09 13:16:25 38160 ----a-w- c:\windows\system32\perfd00C.dat
2010-04-09 13:16:25 344522 ----a-w- c:\windows\system32\perfi00C.dat
2010-04-09 13:16:25 289060 ----a-w- c:\windows\system32\perfi001.dat
2010-04-09 13:16:25 107650 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-09 13:07:59 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-04-09 13:01:39 3 ----a-w- c:\windows\7Loader.TAG
2010-04-09 12:51:45 0 d-----w- c:\program files (x86)\uTorrent
2010-04-09 12:51:24 0 d-----w- c:\users\ax2\appdata\roaming\uTorrent
2010-03-31 06:00:46 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2010-03-31 06:00:44 84992 ----a-w- c:\windows\system32\frapsv64.dll

==================== Find3M ====================

2010-04-09 13:15:27 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2010-04-09 13:15:27 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2010-04-09 13:15:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2010-04-09 13:15:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2010-04-09 13:15:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2010-04-09 13:15:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2010-04-09 13:15:27 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2010-04-09 13:15:27 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2010-03-16 09:53:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-03-16 09:53:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 09:53:00 14828648 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 09:53:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 09:53:00 1067624 ----a-w- c:\windows\system32\nvsvc64.dll
2010-02-24 17:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-26 21:09:26 260872 ----a-w- c:\windows\system32\PDBoot.exe
2010-01-25 05:38:44 47912 ----a-w- c:\windows\system32\wacomwucoinst3.dll
2010-01-19 11:10:12 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-01-19 11:10:06 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-01-19 11:10:04 1814560 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-01-19 11:10:00 477216 ----a-w- c:\windows\system32\RtkApi64.dll
2010-01-19 11:10:00 1206304 ----a-w- c:\windows\system32\RTCOM64.dll
2010-01-19 11:09:54 68640 ----a-w- c:\windows\system32\RCoInst64.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 6:58:45.40 ===============


***************************************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2010 5:47:44 AM
System Uptime: 4/17/2010 6:20:13 AM (24 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3P
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | Socket 775 | 2834/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 157.251 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 476.63 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 579.506 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP49: 4/17/2010 8:37:19 PM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.1 - CPSID_50570
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
Autodesk Backburner 2011.0.0
Battlefield: Bad Company™ 2
Camtasia Studio 6
CCleaner
Connect
DisplayFusion 3.1.8.0
Driver Sweeper 2.1.0
ffdshow [rev 1723] [2007-12-24]
Fraps
Free Mp3 Wma Converter V 1.9
Genie Backup Manager Pro 8.0
HiJackThis
Java Auto Updater
Java™ 6 Update 18
kuler
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Paragon Drive Backup 8.51 Professional Trial
Paragon Partition Manager 9.0 Professional
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Plug-in Suite 5
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Registry Mechanic 9.0
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Sophos Anti-Rootkit 1.5.0
Suite Shared Configuration CS4
Trillian
TVersity Codec Pack 1.2
TVersity Media Server Pro 1.7.2.1 Beta
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
WhiteCap
Windows Media Player Firefox Plugin
ZBrush 3.5 R3

==== Event Viewer Messages From Past Week ========

4/18/2010 12:45:44 AM, Error: Service Control Manager [7030] - The TVersityMediaServer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/18/2010 12:36:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
4/17/2010 6:52:58 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/16/2010 7:03:31 PM, Error: Service Control Manager [7016] - The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
4/11/2010 4:54:19 AM, Error: Service Control Manager [7000] - The Advanced SCSI Programming Interface Driver service failed to start due to the following error: This driver has been blocked from loading
4/11/2010 4:54:19 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\DRIVERS\ASPI32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

==== End Of File ===========================

Edited by Blade Zephon, 19 April 2010 - 01:49 AM.
Reason for edit: Posted content of log into thread to facilitate analysis. Please do not attach logs unless the board will not permit you to paste them directly. Thanks!!!


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:05:24 PM

Posted 19 April 2010 - 02:06 AM

Hello zenyora

Let's get a second opinion on what we're dealing with. From the look of things we may just be dealing with false positives, but we'll make sure. Please be aware that this scan will take some time to run.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

~Blade


In your next reply, please include the following:
Kaspersky Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#9 zenyora

zenyora
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 19 April 2010 - 10:51 AM

Thank you. I really hope this is the case, as this is my work computer. The scan has been running for almost 2 hours now and it's on 11%, so I think it's going to take some time. I'll post again when it's done.

#10 zenyora

zenyora
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 20 April 2010 - 11:21 AM

After 24 hours of scanning it was on 44% and the scanner was scanning my last hard drive, then my internet got disconnected, but until that point everything was clean. Should I assume it's clean, since before I did the scan with Kaspersky I was scanning with Malwarebytes and everything was clean, or should I start again?

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:05:24 PM

Posted 20 April 2010 - 09:24 PM

It's up to you really. Nod32 is known for false positives like this. My opinion is that the machine is clean.

If you feel comfortable, then there's really no need to scan again.

~Blade



#12 zenyora

zenyora
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 20 April 2010 - 10:14 PM

Well, if anything happens later on I'll post again, but for now I think I am fine. Thank you very much for your help and for your time. Very professional and pleasant to deal with; the internet needs more like you.

Edited by zenyora, 20 April 2010 - 10:15 PM.


#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:05:24 PM

Posted 21 April 2010 - 11:56 AM

Sounds good.

Since this issue appears to be resolved, this topic has been closed. Glad we could help.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade





