HijackThis Eeepc Runs Hot, Screen Goes Black And Turns Off !!@


  • This topic is locked
10 replies to this topic

#1 mke233 (Members, 7 posts)

Posted 16 June 2010 - 10:09 PM

Hey everyone, I'm Mike. I'm new to this forum. I have been having problems with my Eeepc 900HA: it runs normally for the first few minutes, then the screen goes black and the fan runs on full. I have also noticed that I seem to have the Google redirect virus or whatever on Firefox; it keeps redirecting me to random sites. Anyone with information, or any idea, let me know. Here is my HijackThis file:
Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:35 PM, on 16/06/2010
Platform: Unknown Windows(7) (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\setfsb_2_2_134_98\setfsb.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: setfsb.lnk = C:\Program Files\setfsb_2_2_134_98\setfsb.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: nmklo
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6373 bytes

Edited by Budapest, 16 June 2010 - 10:42 PM.
Moved from Win7 ~BP
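Added example, not part of the original post and not a BleepingComputer or Trend Micro tool: a small Python triage pass over HijackThis-format "O" lines of the kind posted above. The sample is an excerpt of that log plus one constructed O4 line (the [Updater] entry under AppData\Local\Temp, which does not appear in Mike's log) to exercise the user-writable-path check. The heuristics and severity labels are my own. A hit is a pointer for review, not a verdict: a legitimate product can register an AppInit DLL or leave an orphaned service behind, which is why the log goes to a human analyst.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in HijackThis "O" line format. All but the [Updater] line
# are copied from the log posted above; the [Updater] line is invented to
# exercise the user-writable-path check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Updater] C:\Users\Mike\AppData\Local\Temp\svchost.exe
O20 - AppInit_DLLs: nmklo
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Directories a standard user can write to; an autostart pointing here needs no
# admin rights to plant and is a common malware location. Heuristic, not a rule.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings|appdata|temp|programdata)\\", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O20"
    severity: str  # "high" / "medium" / "low" (my own labels)
    reason: str
    line: str


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the lines worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                # AppInit_DLLs is loaded by every process that loads user32.dll
                # (when the mechanism is enabled), so one entry gives code
                # execution in almost every GUI process on the box.
                findings.append(Finding(section, "high",
                    f"AppInit_DLLs is non-empty ({value!r}); identify the DLL and its signer", line))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, "low",
                "service registered but its binary is gone (orphaned install or deleted payload)", line))
        elif section == "O4" and USER_WRITABLE_RE.search(body):
            findings.append(Finding(section, "medium",
                "autostart entry runs from a user-writable directory", line))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = sorted(triage_hjt(log_text), key=lambda f: order[f.severity])
    return "\n".join(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}"
                     for f in rows)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on a full saved HijackThis log by reading the file into `report()`. The O20 check fires on any non-empty value on purpose: the analyst's next step is to locate the DLL on disk (in this thread the DDS log later shows it as c:\windows\system32\nmklo.dll) and check who signed it, which the log alone cannot tell you.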



#2 schrauber (Mr.Mechanic, Malware Response Team, 24,794 posts, Munich, Germany)

Posted 22 June 2010 - 04:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 mke233 (Topic Starter, Members, 7 posts)

Posted 23 June 2010 - 09:51 AM

Awesome, thanks a lot. I am just completing the scans; I will have the results posted soon.

#4 mke233 (Topic Starter, Members, 7 posts)

Posted 23 June 2010 - 09:54 AM

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Mike at 11:55:34.16 on 02/01/2002
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2039.1285 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Users\Mike\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: nmklo
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\p14vivo6.default\
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-11 64288]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-4-20 20968]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-3 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-7 1051976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 57840]
S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400]

=============== Created Last 30 ================

2010-10-22 00:07:24 0 d-----w- c:\users\mike\appdata\roaming\Symantec
2010-10-22 00:06:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-10-21 23:21:18 0 d-----w- c:\windows\Panther
2010-10-21 22:23:05 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-10-21 22:23:05 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-10-21 22:23:05 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-10-21 22:23:04 0 d-----w- c:\program files\Symantec
2010-10-21 22:21:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-10-21 22:20:23 0 d-----w- c:\program files\common files\Symantec Shared
2010-10-21 22:20:01 0 d-----w- c:\programdata\Symantec
2010-10-21 22:20:01 0 d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-10-21 21:43:26 0 d-----w- c:\windows\Options
2010-10-21 21:40:39 0 d-----w- c:\programdata\Atheros
2010-10-21 21:39:58 0 d-----w- c:\program files\Elantech
2010-10-21 21:36:51 192512 ----a-w- c:\windows\system32\ETDCoinst.dll
2010-10-21 21:35:43 0 d-----w- c:\program files\Julien MANICI
2010-10-21 21:20:36 0 d-----w- c:\program files\EeePC
2010-10-21 21:16:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-21 21:16:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-21 21:15:25 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-21 21:12:14 0 d-----w- c:\programdata\Apple Computer
2010-10-21 21:10:39 0 d-----w- c:\programdata\Apple
2010-10-21 20:58:54 0 d-----w- c:\users\mike\Tracing
2010-10-21 20:57:49 0 d-----w- c:\program files\Microsoft
2010-10-21 20:57:09 0 d-----w- c:\program files\Windows Live SkyDrive
2010-10-21 20:56:06 0 d-----w- c:\windows\PCHEALTH
2010-10-21 20:56:00 0 d-sh--w- c:\windows\Installer
2010-10-21 20:51:47 0 d-----w- c:\program files\common files\Windows Live
2010-10-21 20:39:44 0 d-----w- c:\users\mike\appdata\roaming\BitTorrent
2010-10-21 20:33:20 0 d-----w- c:\program files\BitTorrent
2010-10-21 20:28:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-21 20:28:01 0 d-----w- c:\program files\DAEMON Tools Lite
2010-10-21 20:27:21 0 d-----w- c:\users\mike\appdata\roaming\DAEMON Tools Lite
2010-10-21 20:27:18 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-10-21 20:24:24 0 d-----w- c:\program files\VideoLAN
2010-10-21 20:20:08 0 d-----w- c:\program files\setfsb_2_2_134_98
2010-10-21 20:03:58 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-10-21 20:03:30 0 d-----w- c:\windows\system32\wbem\Performance
2010-10-21 19:56:23 0 d-----w- C:\Recovery
2010-10-21 19:10:22 383562 --sha-r- C:\bootmgr
2010-10-21 19:10:21 0 d-----w- C:\Boot
2010-06-17 03:37:15 0 d-----w- c:\windows\pss
2010-06-17 02:52:47 65536 --sha-w- c:\users\mike\ntuser.dat{439acde1-79bb-11df-877f-00248c019bef}.TM.blf
2010-06-17 02:52:47 524288 --sha-w- c:\users\mike\ntuser.dat{439acde1-79bb-11df-877f-00248c019bef}.TMContainer00000000000000000002.regtrans-ms
2010-06-17 02:52:47 524288 --sha-w- c:\users\mike\ntuser.dat{439acde1-79bb-11df-877f-00248c019bef}.TMContainer00000000000000000001.regtrans-ms
2010-06-17 02:11:37 0 dc----w- c:\programdata\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}
2010-06-16 18:27:29 0 d-----w- c:\program files\Trend Micro
2010-06-16 02:06:16 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-06-15 15:55:45 32768 ----a-w- c:\windows\system32\hgtd.ruy
2010-06-15 15:55:44 65024 ----a-w- c:\windows\system32\h7t.wt
2010-06-15 15:55:41 135168 ----a-w- c:\windows\system32\nmklo.dll
2010-06-15 15:55:39 154624 ----a-w- c:\windows\system32\cooper.mine
2010-06-12 00:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-11 23:54:25 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-11 23:54:12 0 d-----w- c:\program files\Lavasoft
2010-06-11 23:54:11 0 d-----w- c:\programdata\Lavasoft
2010-06-11 13:10:39 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 13:10:38 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 13:10:25 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 13:06:01 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 13:06:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-04 02:29:58 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-04 02:29:58 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-04 02:17:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-06-04 02:17:06 315392 ----a-w- c:\windows\HideWin.exe
2010-06-04 02:17:06 0 d-----w- c:\program files\Kristanix
2010-06-03 01:59:37 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-03 01:59:37 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-06-02 19:35:13 0 d--h--w- c:\windows\msdownld.tmp
2010-05-31 00:20:50 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 15:38:26 0 d-----w- c:\program files\MSXML 4.0
2010-05-11 22:31:08 0 d-----w- c:\program files\TuneUpMedia
2010-05-11 20:26:14 0 d-----w- c:\users\mike\appdata\roaming\TuneUpMedia
2010-05-11 20:26:11 0 d-----w- c:\programdata\TuneUpMedia
2010-05-11 20:24:36 0 d-----w- c:\users\mike\appdata\roaming\OpenCandy
2010-05-11 20:18:41 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 01:53:02 256 ----a-w- c:\windows\system32\pool.bin
2010-05-11 01:52:56 0 d-----w- c:\users\mike\appdata\roaming\Research In Motion
2010-05-11 01:09:53 0 d-----w- c:\programdata\InstallShield
2010-05-11 01:09:41 0 d-----w- c:\programdata\Sonic
2010-05-11 01:07:17 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-11 01:06:49 0 d-----w- c:\programdata\Roxio
2010-05-11 01:06:49 0 d-----w- c:\program files\common files\Sonic Shared
2010-05-11 01:06:48 0 d-----w- c:\program files\Roxio
2010-05-11 01:00:39 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-11 01:00:07 0 d-----w- c:\programdata\Research In Motion
2010-05-11 00:59:56 0 d-----w- c:\program files\Research In Motion
2010-05-11 00:59:56 0 d-----w- c:\program files\common files\Research In Motion
2010-05-10 00:30:19 0 d-----w- c:\users\mike\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-05-10 00:30:16 0 d-----w- c:\programdata\Adobe
2010-05-10 00:30:03 0 d-----w- c:\program files\TweetDeck
2010-05-09 23:49:10 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-09 14:50:07 0 d-----w- c:\program files\WallpaperScreensavers.net
2010-05-09 13:49:18 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-04 12:38:56 0 d-----w- c:\program files\iPod
2010-05-04 12:38:54 0 d-----w- c:\program files\iTunes
2010-05-04 12:35:20 0 d-----w- c:\program files\Bonjour
2010-05-04 02:58:33 165376 ----a-w- c:\windows\system32\unrar.dll
2010-05-04 02:58:20 0 d-----w- c:\program files\K-Lite Codec Pack
2010-05-01 05:36:58 0 d-----w- c:\users\mike\appdata\roaming\Foxit
2010-05-01 05:36:36 0 d-----w- c:\program files\Foxit Software
2010-04-28 03:01:35 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 03:01:28 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 03:01:28 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 01:24:28 0 d-----w- c:\users\mike\appdata\roaming\GrabPro
2010-04-26 01:24:28 0 d-----w- C:\downloads
2010-04-26 01:15:50 0 d-----w- c:\program files\Orbitdownloader
2010-04-25 23:44:32 0 d-----w- c:\program files\CCleaner
2010-04-25 23:39:35 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-25 23:13:48 98816 ----a-w- c:\windows\sed.exe
2010-04-25 23:13:48 77312 ----a-w- c:\windows\MBR.exe
2010-04-25 23:13:48 261632 ----a-w- c:\windows\PEV.exe
2010-04-25 23:13:48 161792 ----a-w- c:\windows\SWREG.exe
2010-04-25 22:58:28 524288 --sha-w- c:\users\mike\ntuser.dat{a14e4c37-50bd-11df-aad9-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-04-25 22:58:27 65536 --sha-w- c:\users\mike\ntuser.dat{a14e4c37-50bd-11df-aad9-806e6f6e6963}.TM.blf
2010-04-25 22:58:27 524288 --sha-w- c:\users\mike\ntuser.dat{a14e4c37-50bd-11df-aad9-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-04-25 22:57:14 0 --sha-w- c:\users\mike\NTUSER.DAT_tureg_new.LOG2
2010-04-25 22:57:14 0 --sha-w- c:\users\mike\NTUSER.DAT_tureg_new.LOG1
2010-04-25 21:14:32 109016 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-25 15:48:55 45313 ----a-w- c:\windows\system32\netathw.cat
2010-04-25 15:48:55 185967 ----a-w- c:\windows\system32\netathw.inf
2010-04-25 15:48:55 1582624 ----a-w- c:\windows\system32\drivers\athw.sys
2010-04-25 15:48:55 1582624 ----a-w- c:\windows\system32\athw.sys
2010-04-25 15:48:55 0 d-----w- c:\program files\Atheros
2010-04-25 15:29:22 0 d--h--w- c:\windows\Icons
2010-04-25 14:44:19 0 d-----w- c:\windows\system32\appmgmt
2010-04-25 14:13:40 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-25 14:13:00 0 d-----w- c:\users\mike\appdata\roaming\TuneUp Software
2010-04-25 14:12:39 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-04-25 14:10:38 0 d-----w- c:\programdata\TuneUp Software
2010-04-25 14:10:26 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-25 13:46:33 0 d-----w- c:\windows\system32\custom matrices
2010-04-25 13:46:26 0 d-----w- c:\windows\system32\QuickTime
2010-04-25 13:46:26 0 d-----w- c:\windows\system32\C2MP
2010-04-24 17:37:57 0 d-----w- c:\program files\Lx_cats
2010-04-24 17:36:44 0 d-----w- c:\program files\Lexmark 730 Series
2010-04-24 14:56:49 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-24 14:54:36 65536 --sha-w- c:\users\mike\ntuser.dat{e4d51655-4f50-11df-a282-00248c019bef}.TM.blf
2010-04-24 14:54:36 524288 --sha-w- c:\users\mike\ntuser.dat{e4d51655-4f50-11df-a282-00248c019bef}.TMContainer00000000000000000002.regtrans-ms
2010-04-24 14:54:36 524288 --sha-w- c:\users\mike\ntuser.dat{e4d51655-4f50-11df-a282-00248c019bef}.TMContainer00000000000000000001.regtrans-ms
2010-04-24 03:21:45 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-04-24 03:21:45 0 d-----w- c:\windows\system32\x64
2010-04-24 03:18:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-24 03:18:55 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-24 03:18:55 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-24 03:18:55 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-04-24 02:28:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-24 02:19:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-24 02:17:16 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-24 02:17:16 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-24 02:17:15 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-24 02:17:15 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-24 02:17:15 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-24 02:17:15 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-24 02:17:15 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-24 02:17:15 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-24 02:17:12 2614272 ----a-w- c:\windows\explorer.exe
2010-04-24 02:17:11 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-04-24 02:17:09 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-04-23 12:33:14 0 d-----w- c:\windows\system32\Wat
2010-04-23 02:55:09 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-04-23 02:55:09 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-23 02:55:07 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-04-23 02:55:06 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-04-23 02:55:06 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-23 02:55:06 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-23 02:55:06 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-23 02:55:06 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-04-23 02:55:06 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-23 02:55:06 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-23 02:54:42 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-23 02:54:41 507568 ----a-w- c:\windows\system32\winload.exe
2010-04-23 02:54:41 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-04-23 02:54:40 442920 ----a-w- c:\windows\system32\winresume.exe
2010-04-23 02:54:38 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-23 02:53:47 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-23 02:53:45 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-23 02:53:42 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-23 02:53:42 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-23 01:47:33 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-23 01:47:33 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-23 01:44:51 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-23 01:44:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-23 01:44:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-23 01:44:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-21 03:17:06 0 d-----w- c:\programdata\ECAP
2010-04-21 03:16:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-04-21 03:16:37 0 d-----w- c:\program files\CPUID
2010-04-21 02:51:18 0 d-----w- c:\program files\ECAP
2010-04-21 02:33:33 0 d-----w- c:\program files\ASUS
2010-04-21 01:30:34 0 d-----w- c:\programdata\NCH Software
2010-04-21 01:30:07 0 d-----w- c:\program files\NCH Software
2010-04-21 01:30:02 0 d-----w- c:\users\mike\appdata\roaming\NCH Software
2010-04-21 01:24:56 0 d-----w- c:\users\mike\appdata\roaming\ManyCam
2010-04-20 14:06:09 404558 --sh--r- C:\JRMDO
2010-04-20 14:06:09 20 --sh--r- C:\winx.ld
2010-04-20 13:55:20 82432 ----a-w- c:\windows\system32\drivers\ETD.sys
2010-04-20 13:48:42 65536 --sha-w- c:\users\mike\ntuser.dat{be7956f7-4c80-11df-8183-00248c019bef}.TM.blf
2010-04-20 13:48:42 524288 --sha-w- c:\users\mike\ntuser.dat{be7956f7-4c80-11df-8183-00248c019bef}.TMContainer00000000000000000002.regtrans-ms
2010-04-20 13:48:42 524288 --sha-w- c:\users\mike\ntuser.dat{be7956f7-4c80-11df-8183-00248c019bef}.TMContainer00000000000000000001.regtrans-ms
2010-04-20 13:27:29 0 d-----w- C:\found.000
2010-04-20 04:39:54 0 d-----w- c:\users\mike\appdata\roaming\LimeWire
2010-04-20 04:36:27 0 d-----w- c:\program files\LimeWire
2010-04-20 04:01:24 0 d-----w- c:\program files\GlobalSCAPE
2010-04-20 03:58:00 0 d-----w- c:\windows\All Users
2010-04-20 03:57:35 0 d-----w- c:\windows\Profiles
2010-04-20 03:57:31 0 d-----w- c:\users\mike\appdata\roaming\URSoft
2010-04-20 03:57:12 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-20 03:57:12 524288 ---ha-w- C:\900HA.ROM
2010-04-20 03:57:11 0 d---a-w- c:\programdata\TEMP
2010-04-20 03:56:58 0 d-----w- c:\program files\Startup Faster
2010-04-20 02:57:19 0 d-----w- c:\program files\VSO
2010-04-19 13:24:01 0 d-----w- c:\program files\Lexmark Z500-Z600 Series
2010-04-19 13:22:36 0 d-----w- C:\drivers
2010-04-19 02:19:56 177 ---h--w- C:\dvmexp.idx
2010-04-19 02:19:00 0 d-----w- C:\ASUS.000
2010-04-19 02:18:24 0 d-----w- C:\ASUS.SYS
2010-04-18 23:26:10 0 d-----w- c:\programdata\Sun
2010-04-18 22:49:09 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-18 22:45:55 0 d-----w- c:\programdata\Microsoft Help
2010-04-18 22:10:21 3 --sha-r- C:\win7ldr
2010-04-18 21:25:15 4096 --sha-w- C:\VSNAP.IDX
2010-04-18 20:16:06 0 d-----w- c:\program files\Microsoft Fix it Center
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-18 01:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 01:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-01-22 15:55:16 4752 ---ha-w- C:\version
2009-12-31 20:19:02 57 ---h--w- C:\splash.idx
2009-12-23 20:11:10 8192 ----a-w- C:\dbldr.mbr
2009-12-23 20:11:10 185548 ----a-w- C:\dbldr
2009-12-23 20:11:10 117 ----a-w- C:\dvmb.lst
2009-11-14 18:37:08 154112 ----a-w- c:\windows\system32\ts.dll
2009-11-14 18:33:40 357888 ----a-w- c:\windows\system32\gdsmux.exe
2009-11-14 18:33:38 249856 ----a-w- c:\windows\system32\dxr.dll
2009-11-14 18:12:02 550400 ----a-w- c:\windows\system32\splitter.ax
2009-11-14 18:11:50 93184 ----a-w- c:\windows\system32\avss.dll
2009-11-14 18:11:42 150016 ----a-w- c:\windows\system32\mkx.dll
2009-11-14 18:11:42 141824 ----a-w- c:\windows\system32\mp4.dll
2009-11-14 18:11:40 123392 ----a-w- c:\windows\system32\ogm.dll
2009-11-14 18:11:40 109568 ----a-w- c:\windows\system32\avi.dll
2009-11-14 18:11:38 97792 ----a-w- c:\windows\system32\avs.dll
2009-11-14 18:11:36 136704 ----a-w- c:\windows\system32\mkv2vfr.exe
2009-11-14 18:11:36 113152 ----a-w- c:\windows\system32\dsmux.exe
2009-11-14 18:11:32 80384 ----a-w- c:\windows\system32\mkzlib.dll
2009-11-14 18:11:32 24576 ----a-w- c:\windows\system32\mkunicode.dll
2009-11-14 00:49:04 532480 ----a-w- c:\windows\system32\DivXsm.exe
2009-11-14 00:49:04 4816 ----a-w- c:\windows\system32\divxsm.tlb
2009-11-14 00:47:50 629760 ----a-w- c:\windows\system32\DivXDecH264.ax
2009-11-14 00:47:46 999424 ----a-w- c:\windows\system32\divxdec.ax
2009-11-14 00:47:28 685056 ----a-w- c:\windows\system32\divx.dll
2009-10-24 03:34:40 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-10-16 06:33:06 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-16 06:33:06 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-05 20:31:50 1221632 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-23 23:45:20 39440 ----a-w- c:\windows\system32\iglhxs32.vp
2009-09-23 23:30:50 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2009-09-23 23:30:50 672792 ----a-w- c:\windows\system32\igfxcfg.exe
2009-09-23 23:30:48 252952 ----a-w- c:\windows\system32\igfxsrvc.exe
2009-09-23 23:30:48 173592 ----a-w- c:\windows\system32\hkcmd.exe
2009-09-23 23:30:48 173080 ----a-w- c:\windows\system32\igfxext.exe
2009-09-23 23:30:48 150552 ----a-w- c:\windows\system32\igfxpers.exe
2009-09-23 23:30:48 141848 ----a-w- c:\windows\system32\igfxtray.exe
2009-09-23 23:27:44 155648 ----a-w- c:\windows\system32\igfxCoIn_v1930.dll
2009-09-23 23:18:14 4808192 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2009-09-23 22:58:38 2686976 ----a-w- c:\windows\system32\ig4dev32.dll
2009-09-23 22:58:12 4104192 ----a-w- c:\windows\system32\ig4icd32.dll
2009-09-23 22:49:42 257536 ----a-w- c:\windows\system32\igfxTMM.dll
2009-09-23 22:49:42 199680 ----a-w- c:\windows\system32\igfxpph.dll
2009-09-23 22:49:38 59392 ----a-w- c:\windows\system32\oemdspif.dll
2009-09-23 22:49:36 23552 ----a-w- c:\windows\system32\igfxexps.dll
2009-09-23 22:49:34 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2009-09-23 22:49:24 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2009-09-23 22:49:10 130048 ----a-w- c:\windows\system32\igfxdo.dll
2009-09-23 22:49:04 94208 ----a-w- c:\windows\system32\hccutils.dll
2009-09-23 22:49:00 218112 ----a-w- c:\windows\system32\igfxdev.dll
2009-09-23 22:48:52 5702656 ----a-w- c:\windows\system32\igfxress.dll
2009-09-23 22:48:52 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2009-09-23 22:45:12 60254 ----a-w- c:\windows\system32\iglhxg32.vp
2009-09-23 22:45:12 60226 ----a-w- c:\windows\system32\iglhxc32.vp
2009-09-23 22:45:12 60015 ----a-w- c:\windows\system32\iglhxo32.vp
2009-09-23 22:45:12 1921265 ----a-w- c:\windows\system32\iglhxa32.cpa
2009-09-23 22:45:12 1090 ----a-w- c:\windows\system32\iglhxa32.vp
2009-09-22 00:26:10 57840 ----a-w- c:\windows\system32\drivers\GenericMount.sys
2009-09-22 00:26:10 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2009-08-26 19:12:58 1096552 ----a-w- c:\users\mike\appdata\roaming\setup.exe
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-07-26 20:44:56 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 04:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-14 07:51:56 51867 ----a-w- c:\windows\Ultimate.xml
2009-07-14 07:50:03 0 d-----w- c:\program files\Windows Journal
2009-07-14 07:49:48 0 d-----w- c:\windows\ShellNew
2009-07-14 07:49:48 0 d-----w- c:\windows\ehome
2009-07-14 07:49:45 0 d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
2009-07-14 07:49:45 0 d-----w- c:\windows\RemotePackages
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\winrm
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\WCN
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\slmgr
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\en
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\drivers\en-US
2009-07-14 04:56:48 0 d-----w- c:\windows\system32\0409
2009-07-14 04:56:48 0 d-----w- c:\windows\en-US
2009-07-14 04:56:48 0 d-----w- c:\windows\DigitalLocker
2009-07-14 04:56:47 0 d-----w- c:\windows\system32\wbem\en-US
2009-07-14 04:56:47 0 d-----w- c:\windows\system32\Printing_Admin_Scripts
2009-07-14 04:53:55 0 d-sh--we c:\programdata\Documents
2009-07-14 04:53:55 0 d-sh--we C:\Documents and Settings
2009-07-14 04:52:30 0 d-----w- c:\program files\Windows Portable Devices
2009-07-14 04:52:30 0 d-----w- c:\program files\Windows Photo Viewer
2009-07-14 04:52:30 0 d-----w- c:\program files\Microsoft Games
2009-07-14 04:52:30 0 d-----w- c:\program files\DVD Maker
2009-07-14 04:48:09 48201 ----a-w- c:\windows\Starter.xml
2009-07-14 04:46:52 42045 ----a-w- c:\windows\system32\license.rtf
2009-07-14 04:42:29 73 --sha-w- c:\windows\system32\desktop.ini
2009-07-14 04:42:29 1244 ----a-w- c:\windows\system32\migwiz.lnk
2009-07-14 04:42:26 535 ----a-w- c:\windows\system32\mapisvc.inf
2009-07-14 04:41:57 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-07-14 04:41:11 0 d-----w- c:\windows\system32\wbem\MOF
2009-07-14 04:34:16 0 d-----w- c:\windows\Setup
2009-07-14 04:34:15 19568 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-07-14 04:34:15 19568 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-07-14 04:34:13 0 d-----w- c:\windows\ServiceProfiles
2009-07-14 04:34:06 0 d-s---w- c:\windows\system32\Microsoft
2009-07-14 04:34:00 9216 ----a-w- c:\windows\system32\umstartup000.etl
2009-07-14 04:34:00 21504 ----a-w- c:\windows\system32\umstartup.etl
2009-07-14 02:37:05 0 d-s---w- c:\programdata\Microsoft
2009-07-14 02:37:05 0 d-----w- c:\program files\Windows NT
2009-07-14 02:37:05 0 d-----w- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2010-06-21 00:41:45 33792 ----a-w- c:\windows\fonts\4DS2WeH7S.com
2010-04-25 16:56:35 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-16 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-07 16:15:48 3297280 ----a-w- c:\windows\system32\x264vfw.dll
2009-12-17 21:38:12 96800 ----a-w- c:\windows\fonts\anvers black.ttf
2009-12-17 21:38:12 110460 ----a-w- c:\windows\fonts\anvers regular.ttf
2009-12-17 21:38:12 100676 ----a-w- c:\windows\fonts\anvers bold.ttf
2009-09-23 23:18:08 3829760 ----a-w- c:\windows\system32\igdumd32.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:52:25 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-07-14 04:52:25 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2009-07-14 04:52:25 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2009-07-14 04:52:25 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 01:24:31 1073152 ----a-w- c:\windows\system32\Narrator.exe
2009-07-14 01:23:21 5070848 ----a-w- c:\windows\system32\AuthFWSnapin.dll
2009-07-14 01:22:23 107008 ----a-w- c:\windows\system32\NAPHLPR.DLL
2009-07-14 01:22:14 46080 ----a-w- c:\windows\system32\NAPCRYPT.DLL
2009-07-14 01:19:11 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS
2009-07-14 01:17:54 690888 ----a-w- c:\windows\system32\ci.dll
2009-07-14 01:17:54 55584 ----a-w- c:\windows\system32\drivers\dumpfve.sys
2009-07-14 01:17:54 369568 ----a-w- c:\windows\system32\drivers\cng.sys
2009-07-14 01:17:54 271864 ----a-w- c:\windows\system32\fveapi.dll
2009-07-14 01:17:54 249680 ----a-w- c:\windows\system32\bcryptprimitives.dll
2009-07-14 01:17:54 242936 ----a-w- c:\windows\system32\rsaenh.dll
2009-07-14 01:17:54 156728 ----a-w- c:\windows\system32\dssenh.dll
2009-07-14 01:17:54 102448 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
2009-07-14 01:17:51 143936 ----a-w- c:\windows\system32\basecsp.dll
2009-07-14 01:17:51 1286144 ----a-w- c:\windows\system32\ntdll.dll
2009-07-14 01:15:52 6656 ----a-w- c:\windows\system32\mtxex.dll
2009-07-14 01:14:59 9216 ----a-w- c:\windows\system32\bitsprx4.dll
2009-07-14 01:11:27 54272 ----a-w- c:\windows\system32\WsmRes.dll
2009-07-14 01:11:26 4608 ----a-w- c:\windows\system32\ws2help.dll
2009-07-14 01:11:09 5120 ----a-w- c:\windows\system32\wmi.dll
2009-07-14 01:11:09 2048 ----a-w- c:\windows\system32\wmerror.dll
2009-07-14 01:11:09 2048 ----a-w- c:\windows\system32\wbem\WmiApRes.dll
2009-07-14 01:11:05 6656 ----a-w- c:\windows\system32\wbem\WinMgmtR.dll
2009-07-14 01:11:05 1536 ----a-w- c:\windows\system32\winrsmgr.dll
2009-07-14 01:11:04 669184 ----a-w- c:\windows\system32\WFSR.dll
2009-07-14 01:10:56 2560 ----a-w- c:\windows\system32\uxlibres.dll
2009-07-14 01:10:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-07-14 01:10:47 108544 ----a-w- c:\windows\system32\tapiui.dll
2009-07-14 01:10:37 7168 ----a-w- c:\windows\system32\spwizres.dll
2009-07-14 01:10:36 8338432 ----a-w- c:\windows\system32\spwizimg.dll
2009-07-14 01:10:22 5120 ----a-w- c:\windows\system32\setupetw.dll
2009-07-14 01:10:22 2560 ----a-w- c:\windows\system32\sfc.dll
2009-07-14 01:10:13 68608 ----a-w- c:\windows\system32\nlsbres.dll
2009-07-14 01:08:59 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2009-07-14 01:07:56 2048 ----a-w- c:\windows\system32\netmsg.dll
2009-07-14 01:06:56 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-14 01:05:46 3072 ----a-w- c:\windows\system32\icmp.dll
2009-07-14 01:05:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-14 01:05:30 925184 ----a-w- c:\windows\system32\FXSRESM.dll
2009-07-14 01:05:30 7680 ----a-w- c:\windows\system32\FXSEVENT.dll
2009-07-14 01:05:30 34816 ----a-w- c:\windows\system32\FXSCOMPOSERES.dll
2009-07-14 01:03:56 95232 ----a-w- c:\windows\system32\auditpolmsg.dll
2009-07-14 00:57:25 272128 ----a-w- c:\windows\system32\drivers\BrSerId.sys
2009-07-14 00:41:37 80896 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-07-14 00:41:26 78336 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-07-14 00:41:15 586752 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2009-07-14 00:34:40 291294 ----a-w- c:\windows\system32\perfi009.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\system32\perfd009.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-14 00:17:06 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-14 00:15:52 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:14:30 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys
2009-07-14 00:02:58 133120 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-07-14 00:02:41 18944 ----a-w- c:\windows\system32\drivers\rdpbus.sys
2009-07-14 00:02:16 151552 ----a-w- c:\windows\system32\rdpdd.dll
2009-07-14 00:01:55 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-07-14 00:01:51 30208 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2009-07-14 00:01:50 223232 ----a-w- c:\windows\system32\wksprt.exe
2009-07-14 00:01:41 7168 ----a-w- c:\windows\system32\drivers\RDPREFMP.sys
2009-07-14 00:01:40 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
2009-07-14 00:01:40 14848 ----a-w- c:\windows\system32\tsddd.dll
2009-07-14 00:01:39 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys
2009-07-14 00:01:37 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2009-07-14 00:01:37 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2009-07-14 00:01:31 26624 ----a-w- c:\windows\system32\RDPREFDD.dll
2009-07-13 23:55:24 31744 ----a-w- c:\windows\system32\drivers\modem.sys
2009-07-13 23:55:21 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys
2009-07-13 23:55:02 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys
2009-07-13 23:55:02 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys
2009-07-13 23:55:00 49152 ----a-w- c:\windows\system32\drivers\agilevpn.sys
2009-07-13 23:53:58 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-07-13 23:53:54 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
2009-07-13 23:53:51 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2009-07-13 23:53:51 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2009-07-13 23:53:41 71168 ----a-w- c:\windows\system32\drivers\smb.sys
2009-07-13 23:53:40 117248 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-07-13 23:53:32 96768 ----a-w- c:\windows\system32\drivers\irda.sys
2009-07-13 23:53:27 13824 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-07-13 23:53:20 60928 ----a-w- c:\windows\system32\drivers\rspndr.sys
2009-07-13 23:53:19 48128 ----a-w- c:\windows\system32\drivers\lltdio.sys

============= FINISH: 11:58:15.09 ===============

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 21/10/2010 3:57:40 PM
System Uptime: 01/02/2002 11:34:31 AM (-720 hours ago)

Motherboard: ASUSTeK Computer INC. | | 900HA
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 80 GiB total, 55.911 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 61.093 GiB free.
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
Atheros Client Installation Program
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
CCleaner
CPUID CPU-Z 1.54
Debut Video Capture Software
Download Guard for Internet Explorer
ECAP
ETDWare PS/2-x86 7.0.4.2 WHQL
Foxit Reader
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 18
K-Lite Mega Codec Pack 5.9.0
Lexmark 730 Series
LimeWire 5.5.8
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Orbit Downloader
QuickTime
Right Click Image Converter
Roxio Media Manager
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Spybot - Search & Destroy
Super Hybrid Engine
Top Gear
TuneUp Companion 1.6.9
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Windows 7 Codec Pack 2.4.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver

==== Event Viewer Messages From Past Week ========

20/06/2010 9:00:22 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
20/06/2010 9:00:21 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
20/06/2010 9:00:21 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
14/06/2010 11:35:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/06/2010 4:50:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/06/2010 8:22:47 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
11/06/2010 8:22:24 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/01/2002 11:35:21 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
02/01/2002 11:35:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/01/2002 11:35:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/01/2002 11:35:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/01/2002 11:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/01/2002 11:35:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
02/01/2002 11:35:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
02/01/2002 11:34:45 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.
02/01/2002 11:08:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
02/01/2002 11:08:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

==== End Of File ===========================

#5 mke233 (Topic Starter)

Posted 23 June 2010 - 01:29 PM

GMER 1.0.15.15281 Scan Results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2002-01-02 12:38:47
Windows 6.1.7600
Running: 8klme7xx.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C45AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C45104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C453F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2D634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C2D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C451DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C45958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C456F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C45F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81C461A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8185E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81882F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\DRIVERS\atapi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[760] ntdll.dll!NtProtectVirtualMemory 77BF5360 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!NtWriteVirtualMemory 77BF5EE0 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!KiUserExceptionDispatcher 77BF6448 5 Bytes JMP 0013000A
.text C:\Windows\system32\svchost.exe[760] ole32.dll!CoCreateInstance 76A457FC 5 Bytes JMP 0084000A
.text C:\Windows\Explorer.EXE[1744] ntdll.dll!NtProtectVirtualMemory 77BF5360 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[1744] ntdll.dll!NtWriteVirtualMemory 77BF5EE0 5 Bytes JMP 002E000A
.text C:\Windows\Explorer.EXE[1744] ntdll.dll!KiUserExceptionDispatcher 77BF6448 5 Bytes JMP 0028000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8496981A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC0 0x6E 0xED 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0xED 0x68 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0xB5 0x15 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA9 0xFF 0x62 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0xED 0x68 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0xB5 0x15 0x46 ...
Reg HKLM\SOFTWARE\Classes\.wll@ Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll@NoOpen
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8
Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO@ Download Guard for Internet Explorer
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO\CLSID
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO\CLSID@ {20C1A7F0-528E-444F-BAC5-5804A61CCA7F}
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO\CurVer
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO\CurVer@ DownloadGuardBHO.DownloadGuardBHO.1
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO.1@ Download Guard for Internet Explorer
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO.1\CLSID
Reg HKLM\SOFTWARE\Classes\DownloadGuardBHO.DownloadGuardBHO.1\CLSID@ {20C1A7F0-528E-444F-BAC5-5804A61CCA7F}
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect\CLSID
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect\CLSID@ {83C851DF-BB0B-4118-8682-12A6A62216E2}
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect\CurVer
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect\CurVer@ EmailScanner.Connect.1
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect.1@ Connect Class
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect.1\CLSID
Reg HKLM\SOFTWARE\Classes\EmailScanner.Connect.1\CLSID@ {83C851DF-BB0B-4118-8682-12A6A62216E2}
Reg HKLM\SOFTWARE\Classes\InfoPath.TemplatePart.2\shell
Reg HKLM\SOFTWARE\Classes\InfoPath.TemplatePart.2\shell@ open
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0@ XML Configuration File
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-105
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.config.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0@ Visual C# Project file
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\DefaultIcon@ C:\Program Files\Microsoft Visual Studio 8\VC#\VCSPackages\csproj.dll,0
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.csproj.8.0\shell\Open\Command@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0@ Visual Studio Data Source File
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\DefaultIcon@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\msenvico.dll",-215
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.datasource.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0@ Web Service Discovery File
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-112
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.disco.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0@ XML Document Type Definition
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-108
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.dtd.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0@ Service Description Language
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-111
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.sdl.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0@ Visual Studio Code Snippet File
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\DefaultIcon@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\msenvico.dll",-214
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.snippet.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0@ Visual Basic Project file
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\DefaultIcon@ C:\Program Files\Microsoft Visual Studio 8\VB\Bin\msvbprj.dll,0
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.vbproj.8.0\shell\Open\Command@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0@ Visual Studio Project/Item Template File
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\DefaultIcon@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\msenvico.dll",-213
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.vstemplate.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0@ Web Service Description Language
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-110
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.wsdl.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0@ XML Data Reduced Schema
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-109
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.xdr.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0@ XML Document
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-100
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.xml.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0@ XSL Stylesheet
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-102
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.xsl.8.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0@ XSL Transform
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\DefaultIcon@ Microsoft.XmlEditorUI.dll,-104
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec\Application@ VSTA.8.0
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VSTA.xslt.8.0\shell\Open\ddeexec\Topic@ system

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 mke233

mke233
  • Topic Starter

  • Members
  • 7 posts

Posted 24 June 2010 - 06:25 AM

My laptop only runs in safe mode, and it deleted all of my restore points.


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 25 June 2010 - 12:58 PM

Hello, mke233
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#8 mke233

mke233
  • Topic Starter

  • Members
  • 7 posts

Posted 26 June 2010 - 07:46 AM

I have completed a scan with TDSSKiller, but it did not make a log; I searched for "TDSSKiller.txt" in Windows to no avail. It did say that "atapi" was infected with a rootkit that will be removed on restart, and to push "y" to restart or "n" to continue, so I pressed "n" to continue and nothing else really happened. I am currently running the renamed Combofix.exe.

#9 mke233

mke233
  • Topic Starter

  • Members
  • 7 posts

Posted 26 June 2010 - 08:14 AM

Thank you. After completing Combofix.exe, it seemed to fix the problem.

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 27 June 2010 - 06:22 AM

It would be good to see the log file; there are definitely some leftovers to address.
regards,
schrauber


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 01 July 2010 - 04:58 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




