
Win 7 Music Studio Computer Problems


This topic is locked
22 replies to this topic

#1 Absurdny


  • Members
  • 14 posts

Posted 15 December 2010 - 07:26 PM

I just recently started having a bunch of problems with my Windows 7 computer that I use for my music studio and record label. I have a lot of expensive programs on this computer and a lot of important files. Some of the problems are:
1) Opera has a startup error when I try to start it that says

"Opera has failed to access or upgrade your profile. This may have occurred because your computer has insufficient resources available or because some files are locked by other applications. You may have to restart your computer before Opera will start again".

I have tried restarting my computer and even uninstalling and reinstalling Opera but no luck.

2) Whenever I try to save something to my desktop I get an error that says I need administrator privileges to save in that location and it asks me if I would like to save the file somewhere else instead. Only problem is, I have administrator privileges.

3) When I run Internet Explorer 32 bit, the browser just hangs and will not respond. I can run Internet Explorer 64 bit and it works fine.

4) I have tried to do a system restore to the date before I started having these problems but after the computer restarts, it tells me that the restore was not successful.

5) When trying to connect to AIM I get the error "Settings error before sign in".

Here is my DDS log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Absurd at 18:54:43.23 on Wed 12/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2124 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\lxdacoms.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Program Files (x86)\UWIN\usr\etc\ums.exe
C:\Program Files (x86)\UWIN\usr\etc\init.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\UWIN\usr\etc\inetd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\UWIN\usr\lib\cs\tcp\at\at.svc
C:\Program Files (x86)\UWIN\usr\lib\cs\tcp\at\at.svc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\UWIN\usr\sbin\sshd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Absurd\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
uURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
TB: &Cover flow: {b964d79b-d625-408f-b2ab-b308806ea2dd} - C:\Program Files (x86)\Cover Flow for Windows Explorer\ExplorerCoverFlow.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: &Cover flow: {b964d79b-d625-408f-b2ab-b308806ea2dd} - C:\Program Files (x86)\Cover Flow for Windows Explorer\ExplorerCoverFlow.dll
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Absurd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Save Picture to Mobile Phone - C:\Program Files (x86)\Pix2Fone\p2fd.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll
BHO-X64: Loader Class: {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\FindeXer\FindeXer.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB-X64: {FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {B964D79B-D625-408F-B2AB-B308806EA2DD} - No File
mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files (x86)\Pix2Fone\p2fup.html

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-9 55280]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-30 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-30 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-30 61008]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-11-5 21480]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-10-24 142120]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-28 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-28 138752]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\System32\drivers\MAudioFastTrackPro.sys [2009-11-9 187912]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;C:\Windows\System32\drivers\MAudioUSBMIDI.sys [2010-4-13 200200]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-8-29 7821312]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-28 222208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-28 317480]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-8-28 5435904]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-12-15 23:38:27 624128 ----a-w- C:\Users\Absurd\dds.scr
2010-12-15 23:00:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-15 22:47:53 812344 ----a-w- C:\Users\Absurd\HJTInstall.exe
2010-12-15 22:46:51 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-15 22:17:36 10838016 ----a-w- C:\Users\Absurd\Opera_1063_en_Setup.exe
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-15 16:59:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-15 15:20:04 -------- d-----w- C:\.deleted
2010-12-15 15:19:44 7680 ----a-w- C:\Windows\SysWow64\uwin_uninstall.exe
2010-12-15 15:19:41 949760 ----a-w- C:\Windows\SysWow64\posix.dll
2010-12-15 15:19:41 901632 ----a-w- C:\Windows\SysWow64\ast54.dll
2010-12-15 15:19:41 -------- d-----w- C:\Program Files (x86)\UWIN
2010-12-15 15:19:34 194048 ----a-w- C:\Windows\SysWow64\uwin.cpl
2010-12-15 14:39:39 -------- d-----w- C:\Users\Absurd\AppData\Local\Apple Computer
2010-12-15 14:38:34 1409 ----a-w- C:\Windows\QTFont.for
2010-12-13 21:21:31 -------- d-----w- C:\Users\Absurd\AppData\Local\VMware
2010-12-13 15:03:41 -------- d-----w- C:\Program Files (x86)\MagicISO
2010-12-11 15:19:07 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
2010-12-11 15:18:59 -------- d-----w- C:\Users\Absurd\AppData\Roaming\TuneUpMedia
2010-12-11 15:18:53 -------- d-----w- C:\PROGRA~3\TuneUpMedia
2010-12-11 15:15:01 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2010-12-11 15:14:57 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2010-12-11 15:14:53 -------- d-----w- C:\extensions
2010-12-09 17:12:22 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-07 17:08:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-07 16:58:56 -------- d-----w- C:\Program Files (x86)\QuoteTracker
2010-12-04 03:06:34 -------- d-----w- C:\Users\Absurd\AppData\Local\BuildAGadget Content
2010-12-04 03:06:24 -------- d-----w- C:\Users\Absurd\AppData\Roaming\App Launcher Gadget
2010-12-04 02:02:45 -------- d-----w- C:\Program Files (x86)\Your Company Name
2010-12-04 02:02:45 -------- d-----w- C:\Program Files (x86)\StockThing
2010-12-04 00:59:32 -------- d-----w- C:\Program Files (x86)\TickerTycoon
2010-12-03 01:55:33 -------- d-----w- C:\Users\Absurd\AppData\Local\TickInvest
2010-12-03 01:54:20 -------- d-----w- C:\Program Files (x86)\TickInvest
2010-12-03 01:53:22 260880 ----a-w- C:\Windows\SysWow64\MSFLXGRD.ocx
2010-12-03 01:53:22 132880 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2010-12-03 01:53:22 -------- d-----w- C:\Program Files (x86)\FCharts
2010-12-03 01:29:20 -------- d-----w- C:\Program Files (x86)\MetaTrader 4
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-23 21:54:59 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 21:54:59 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 20:59:32 -------- d-----w- C:\Program Files (x86)\Sierra
2010-11-23 20:56:47 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-23 20:56:47 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-23 20:56:47 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2010-11-23 20:56:47 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-23 20:56:47 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-23 20:56:47 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-23 20:56:47 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-23 20:56:46 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-22 02:47:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-11-22 02:46:10 53248 ----a-r- C:\Users\Absurd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-22 02:43:57 -------- d-----w- C:\Users\Absurd\AppData\Roaming\Logishrd
2010-11-21 22:08:57 -------- d-----w- C:\Program Files (x86)\Steam
2010-11-21 21:52:07 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-11-21 21:51:55 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-11-21 21:51:50 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-11-21 21:50:37 -------- d-----w- C:\Users\Absurd\AppData\Local\PunkBuster
2010-11-21 21:28:52 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2010-11-21 21:28:52 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2010-11-21 18:06:32 -------- d-----w- C:\Users\Absurd\AppData\Local\AA3DeployClient
2010-11-21 18:06:31 -------- d-----w- C:\PROGRA~3\AA3DeployClient
2010-11-21 05:53:09 -------- d-----w- C:\Program Files (x86)\VALVe
2010-11-21 01:26:56 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2010-11-19 05:58:11 -------- d-----w- C:\Users\Absurd\AppData\Roaming\PowerUp Software
2010-11-18 18:21:07 -------- d-----w- C:\Users\Absurd\AppData\Roaming\Utherverse
2010-11-18 18:06:44 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc
2010-11-18 17:32:34 -------- d-----w- C:\PROGRA~3\PowerUp Software
2010-11-17 23:09:27 -------- d-----w- C:\Program Files\Jasmio
2010-11-17 23:09:27 -------- d-----w- C:\PROGRA~3\Jasmio
2010-11-17 20:34:07 -------- d-----w- C:\PROGRA~3\SRSLabs
2010-11-17 20:32:32 -------- d-----w- C:\Program Files (x86)\Common Files\SRS
2010-11-17 20:32:29 -------- d-----w- C:\Program Files (x86)\SRSLabs

==================== Find3M ====================

2010-12-12 13:47:04 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2010-12-11 19:28:36 48 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2010-12-04 00:59:30 286720 ------w- C:\Windows\Setup1.exe
2010-11-06 13:12:43 406528 ------w- C:\Windows\SysWow64\ReWire.dll
2010-11-06 13:12:43 338432 ------w- C:\Windows\SysWow64\REX Shared Library.dll
2010-11-06 04:02:34 73216 ------w- C:\Windows\ST6UNST.EXE
2010-10-30 12:30:39 720896 ----a-w- C:\Windows\iun6002.exe
2010-10-30 12:24:39 833100 ----a-w- C:\Windows\Reverence VST plug-in Uninstaller.exe
2010-10-30 12:23:14 833081 ----a-w- C:\Windows\PhaseTwo VST plug-in Uninstaller.exe
2010-10-30 12:22:01 833130 ----a-w- C:\Windows\BigSeq VST plug-in Uninstaller.exe
2010-10-30 11:28:59 6500352 ----a-w- C:\Windows\SysWow64\PSP VintageWarmer2.dll
2010-10-30 11:28:58 6492160 ----a-w- C:\Windows\SysWow64\PSP VintageWarmer.dll
2010-10-30 00:33:02 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2010-10-25 01:44:14 520192 ----a-w- C:\Windows\SysWow64\Side 9 Screensaver.scr
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:36:48 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 18:56:17.41 ===============



Edited by Absurdny, 15 December 2010 - 07:36 PM.
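Reading a DDS log like the one above is largely pattern work: the same CLSID registered under several hook points (URLSearchHooks, BHO, TB, and their -X64 counterparts), entries that resolve to "No File", a DLL loaded from outside Program Files or the Windows directory, and files carrying hidden+system attributes in the dated file sections. The Python script below is an added example written for this page; it is not part of the original post, of the DDS tool, or of the forum helper's procedure. It parses those two line formats and applies those checks. The embedded sample lines are copied from the log above; the list of "trusted roots" and the attribute heuristics are the editor's own assumptions, and a hit means "look closer", not "malware".

```python
"""Triage helper for DDS logs: parses 'Pseudo HJT Report' shell-extension lines and
the dated file lines (Created Last 30 / Find3M), then applies the checks an analyst
normally does by eye. Added example; heuristics are assumptions, not signatures."""
import re
from collections import defaultdict

# Sample lines copied from the DDS log posted above (a subset, not the full log).
DDS_SAMPLE = r"""
uURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files (x86)\mobilewitch\tbmobi.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
BHO-X64: Loader Class: {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\FindeXer\FindeXer.dll
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-12-15 23:00:36 -------- d-----w- C:\Program Files (x86)\Trend Micro
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
"""

# kind: [name(: | - )]{CLSID} - path     e.g. "BHO: Foo: {...} - C:\x.dll", "TB: {...} - No File"
HJT_RE = re.compile(
    r"^(?P<kind>[A-Za-z0-9-]+): (?:(?P<name>.*?)(?:: | - ))?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.+)$"
)
# date time size attrs path     e.g. "2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<size>\S+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Assumption: DLLs registered into the browser normally live under one of these roots.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


def parse_dds(text):
    """Split a DDS log into shell-extension entries and dated file entries."""
    hjt, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()        # normalise for grouping
            entry["x64"] = entry["kind"].upper().endswith("-X64")
            hjt.append(entry)
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return hjt, files


def triage(text):
    """Apply the hand checks: orphans, CLSIDs in both hives, odd paths, hidden+system files."""
    hjt, files = parse_dds(text)
    by_clsid = defaultdict(list)
    for e in hjt:
        by_clsid[e["clsid"]].append(e)

    # Registered but the DLL is gone: leftovers from a removal, or an object still to clean up.
    orphans = [(e["kind"], e["clsid"]) for e in hjt if e["path"] == "No File"]
    # Same component registered for both the 32-bit and the 64-bit browser.
    both_hives = sorted(c for c, es in by_clsid.items()
                        if any(e["x64"] for e in es) and any(not e["x64"] for e in es))
    # Browser extension loaded from a location outside the usual install roots (heuristic).
    outside_trusted = sorted({e["path"] for e in hjt
                              if e["path"] != "No File"
                              and not e["path"].lower().startswith(TRUSTED_ROOTS)})
    # Files flagged hidden ('h') and system ('s'); directories (leading 'd') are skipped.
    hidden_system = [f["path"] for f in files
                     if "h" in f["attrs"] and "s" in f["attrs"] and not f["attrs"].startswith("d")]
    return {
        "entries": len(hjt),
        "orphans": orphans,
        "both_hives": both_hives,
        "outside_trusted": outside_trusted,
        "hidden_system": hidden_system,
    }


if __name__ == "__main__":
    for key, value in triage(DDS_SAMPLE).items():
        print(f"{key}: {value}")
```

Run it on a full DDS log by reading the file into `triage()`; the same CLSID appearing under a user hook (u…), a machine hook (m…) and a -X64 entry, as the toolbars above do, is the pattern that justifies treating them as one component when cleaning up.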




#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 December 2010 - 09:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Absurdny

  • Topic Starter

  • Members
  • 14 posts

Posted 26 December 2010 - 05:34 PM

I am still here. Thank you for replying. I am waiting for your instructions

#4 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 27 December 2010 - 06:21 PM

Let's check for a rootkit first of all. I can see some policy changes but nothing else that signals an infection.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 Absurdny

  • Topic Starter

  • Members
  • 14 posts

Posted 27 December 2010 - 10:47 PM

I tried to download the first file to my desktop and it said I was not allowed, so I saved it to a different folder instead and then moved it to my desktop, and it worked. I ran the scan and it found one threat, but there was no option to cure. Here are the two logs:


2010/12/27 22:40:04.0960 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/27 22:40:04.0960 ================================================================================
2010/12/27 22:40:04.0960 SystemInfo:
2010/12/27 22:40:04.0960
2010/12/27 22:40:04.0960 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/27 22:40:04.0960 Product type: Workstation
2010/12/27 22:40:04.0960 ComputerName: ABSURD-LAPTOP
2010/12/27 22:40:04.0961 UserName: Absurd
2010/12/27 22:40:04.0961 Windows directory: C:\Windows
2010/12/27 22:40:04.0961 System windows directory: C:\Windows
2010/12/27 22:40:04.0961 Running under WOW64
2010/12/27 22:40:04.0961 Processor architecture: Intel x64
2010/12/27 22:40:04.0961 Number of processors: 2
2010/12/27 22:40:04.0961 Page size: 0x1000
2010/12/27 22:40:04.0961 Boot type: Normal boot
2010/12/27 22:40:04.0961 ================================================================================
2010/12/27 22:40:04.0962 Utility is running under WOW64
2010/12/27 22:40:05.0256 Initialize success
2010/12/27 22:40:08.0009 ================================================================================
2010/12/27 22:40:08.0009 Scan started
2010/12/27 22:40:08.0009 Mode: Manual;
2010/12/27 22:40:08.0009 ================================================================================
2010/12/27 22:40:08.0537 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/27 22:40:08.0578 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/27 22:40:08.0681 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/27 22:40:23.0754 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
2010/12/27 22:40:23.0754 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
2010/12/27 22:40:23.0769 sptd - detected Locked file (1)
2010/12/27 22:40:28.0410 ================================================================================
2010/12/27 22:40:28.0410 Scan finished
2010/12/27 22:40:28.0410 ================================================================================
2010/12/27 22:40:28.0425 Detected object count: 1
2010/12/27 22:40:30.0547 Locked file(sptd) - User select action: Skip


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: NV78
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 215):
0x0584C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0585A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x059E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05774000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x057AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x057CC000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x059F0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x057E1000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x04874000 \SystemRoot\System32\Drivers\usbvideo.sys
0x053E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x00830000 \SystemRoot\System32\ATMFD.DLL
0x022E2000 \SystemRoot\system32\drivers\luafv.sys
0x02305000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x0233F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02348000 \SystemRoot\system32\drivers\WudfPf.sys
0x02369000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0237E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x023D1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x023E4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02200000 \SystemRoot\System32\Drivers\exfat.SYS
0x02AC8000 \SystemRoot\system32\drivers\HTTP.sys
0x02B90000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BAE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BC6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02A71000 \SystemRoot\System32\Drivers\Sentinel64.sys
0x02A96000 \??\C:\Windows\system32\drivers\cpuz134_x64.sys
0x02A9F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x02235000 \SystemRoot\system32\drivers\peauth.sys
0x02AA4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06C2A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06C57000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06C69000 \SystemRoot\system32\drivers\tdtcp.sys
0x06C74000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x06C83000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x06CED000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x06CF5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06D5C000 \SystemRoot\System32\DRIVERS\srv.sys
0x078A5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07860000 \SystemRoot\system32\drivers\MSPQM.sys
0x07862000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x07906000 \SystemRoot\system32\DRIVERS\MAudioUSBMIDI.sys
0x07938000 \SystemRoot\system32\DRIVERS\MAudioFastTrackPro.sys
0x776A0000 \Windows\System32\ntdll.dll
0x47720000 \Windows\System32\smss.exe
0xFF9C0000 \Windows\System32\apisetschema.dll
0xFFA90000 \Windows\System32\autochk.exe
0x775A0000 \Windows\System32\user32.dll
0xFF9A0000 \Windows\System32\nsi.dll
0xFF8C0000 \Windows\System32\advapi32.dll
0xFF7F0000 \Windows\System32\usp10.dll
0xFF750000 \Windows\System32\comdlg32.dll
0xFF700000 \Windows\System32\ws2_32.dll
0xFF6E0000 \Windows\System32\imagehlp.dll
0xFF500000 \Windows\System32\setupapi.dll
0xFF3F0000 \Windows\System32\msctf.dll
0xFF2C0000 \Windows\System32\wininet.dll
0xFE530000 \Windows\System32\shell32.dll
0x77870000 \Windows\System32\normaliz.dll
0xFE2D0000 \Windows\System32\iertutil.dll
0xFE230000 \Windows\System32\msvcrt.dll
0xFE100000 \Windows\System32\rpcrt4.dll
0xFE060000 \Windows\System32\clbcatq.dll
0xFDE50000 \Windows\System32\ole32.dll
0xFDDD0000 \Windows\System32\shlwapi.dll
0xFDDC0000 \Windows\System32\lpk.dll
0xFDC40000 \Windows\System32\urlmon.dll
0xFDBC0000 \Windows\System32\difxapi.dll
0xFDBA0000 \Windows\System32\sechost.dll
0x77480000 \Windows\System32\kernel32.dll
0xFDB50000 \Windows\System32\Wldap32.dll
0xFDAE0000 \Windows\System32\gdi32.dll
0x77860000 \Windows\System32\psapi.dll
0xFDAB0000 \Windows\System32\imm32.dll
0xFD9D0000 \Windows\System32\oleaut32.dll
0xFD860000 \Windows\System32\crypt32.dll
0xFD7C0000 \Windows\System32\comctl32.dll
0xFD7A0000 \Windows\System32\devobj.dll
0xFD730000 \Windows\System32\KernelBase.dll
0xFD6F0000 \Windows\System32\wintrust.dll
0xFD6B0000 \Windows\System32\cfgmgr32.dll
0xFD6A0000 \Windows\System32\msasn1.dll

Processes (total 94):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
412 csrss.exe
488 C:\Windows\System32\wininit.exe
500 csrss.exe
536 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1188 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1400 C:\Windows\System32\spoolsv.exe
1452 C:\Windows\System32\svchost.exe
1576 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
1668 C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
1708 C:\Windows\System32\svchost.exe
1740 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
1792 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\taskhost.exe
1144 C:\Windows\System32\dwm.exe
1428 C:\Windows\explorer.exe
2120 C:\Windows\System32\lxdacoms.exe
2160 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
2244 C:\Windows\SysWOW64\PnkBstrA.exe
2268 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2308 C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2336 C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2400 C:\Windows\System32\svchost.exe
2452 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
2544 C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
2600 C:\Program Files (x86)\UWIN\usr\etc\ums.exe
2640 C:\Program Files (x86)\UWIN\usr\etc\init.exe
2728 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3028 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3144 C:\Windows\System32\svchost.exe
3304 WUDFHost.exe
3660 C:\Program Files (x86)\UWIN\usr\etc\inetd.exe
3832 C:\Windows\System32\svchost.exe
4052 C:\Program Files (x86)\UWIN\usr\lib\cs\tcp\at\at.svc
4072 C:\Program Files (x86)\UWIN\usr\lib\cs\tcp\at\at.svc
3440 C:\Program Files\Windows Media Player\wmpnetwk.exe
3384 C:\Program Files (x86)\UWIN\usr\sbin\sshd.exe
3648 C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
3744 C:\Windows\System32\igfxext.exe
3944 C:\Windows\System32\igfxsrvc.exe
4032 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2212 C:\Windows\System32\wbem\unsecapp.exe
4060 C:\Windows\System32\igfxtray.exe
3492 C:\Windows\System32\hkcmd.exe
3628 C:\Windows\System32\igfxpers.exe
3716 C:\Windows\System32\M-AudioTaskBarIcon.exe
3856 WmiPrvSE.exe
2760 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4164 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4448 C:\Program Files (x86)\Launch Manager\LManager.exe
4484 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
4532 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4580 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4664 C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
4832 dllhost.exe
1516 C:\Windows\ehome\ehmsas.exe
7668 C:\Program Files\Gateway\Gateway Updater\ALU.exe
6480 C:\Program Files (x86)\AIM\aim.exe
6992 C:\Windows\System32\svchost.exe
4884 C:\Windows\System32\audiodg.exe
7732 C:\Windows\System32\prevhost.exe
1104 C:\Program Files\Windows Media Player\wmprph.exe
5916 C:\Windows\System32\notepad.exe
7940 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
3220 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
5420 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
1936 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
7648 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
5836 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
8044 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
556 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
6764 C:\Program Files\Internet Explorer\iexplore.exe
6428 C:\Program Files\Internet Explorer\iexplore.exe
6484 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
6640 C:\Users\Absurd\AppData\Local\Google\Chrome\Application\chrome.exe
2968 C:\Windows\System32\taskhost.exe
6476 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
3164 C:\Windows\System32\mspaint.exe
5376 C:\Windows\SysWOW64\notepad.exe
7280 C:\Users\Absurd\Desktop\MBRCheck.exe
4756 C:\Windows\System32\conhost.exe
2940 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60F

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
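
The MBRCheck output above reports a SHA1 for the MBR and says that C: begins on PhysicalDrive0 at byte offset 0x3069E5800. The following Python is an added example, not part of the post and not MBRCheck's code, showing how those numbers come out of a 512-byte boot sector: it verifies the 0x55AA boot signature, hashes the boot code, decodes the four partition entries, and sanity-checks the table for the kind of damage a bootkit or a corrupted partition table leaves behind. The sample sector is constructed inside the code (it is not a dump of the poster's drive); its NTFS entry's starting LBA is chosen so that lba_start * 512 equals the offset MBRCheck printed. Hashing only the first 440 bytes is an assumption about what is worth comparing across machines, not a statement of what MBRCheck hashes. Reading a real drive requires an elevated prompt.

```python
"""Decode a 512-byte Master Boot Record: verify the boot signature, hash the
boot code, list the partition entries and sanity-check them.
Added example; this is not MBRCheck's code."""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 440        # bytes 0..439 boot code; 440..443 disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 LBA",
                   0x27: "Windows RE (hidden NTFS)", 0xEE: "GPT protective"}


def is_valid_mbr(sector: bytes) -> bool:
    """True when the sector has the right length and the 0x55AA signature."""
    return len(sector) == SECTOR and sector[BOOT_SIG_OFF:] == b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": count,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
        })
    return {
        # Assumption: hash only the boot code, so the per-machine disk signature
        # and partition table do not change the value being compared.
        "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTCODE_LEN)[0],
        "partitions": partitions,
    }


def sanity_check(mbr: dict, disk_sectors: int) -> list:
    """Flag layouts that a bootkit or a corrupted table could produce."""
    problems = []
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    if sum(p["bootable"] for p in parts) > 1:
        problems.append("more than one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"entry {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            problems.append(f"entry {p['index']} extends past the end of the disk")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed sample, not a dump of the poster's drive. The NTFS entry's LBA
    start is chosen so that lba_start * 512 == 0x3069E5800, the offset MBRCheck
    reported for C:; the recovery entry, signature and boot bytes are made up."""
    sector = bytearray(SECTOR)
    sector[0:4] = b"\x33\xC0\x8E\xD0"                  # xor ax,ax / mov ss,ax
    struct.pack_into("<I", sector, BOOTCODE_LEN, 0xA1B2C3D4)   # disk signature
    entries = [
        (0x00, 0x27, 2048, 25_380_652),                # hidden recovery partition
        (0x80, 0x07, 25_382_700, 950_000_000),         # active NTFS partition (C:)
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


def main(argv):
    if len(argv) > 1:
        # e.g. r"\\.\PhysicalDrive0" from an elevated prompt, or /dev/sda as root
        with open(argv[1], "rb") as fh:
            sector = fh.read(SECTOR)
        disk_sectors = None
    else:
        sector, disk_sectors = build_sample_mbr(), 976_773_168   # constructed 500 GB drive
    mbr = parse_mbr(sector)
    print(f"boot-code SHA1: {mbr['bootcode_sha1']}  disk signature: {mbr['disk_signature']:08X}")
    for p in mbr["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} ({p['type_name']}) "
              f"LBA {p['lba_start']} ({p['sectors']} sectors) at offset 0x{p['byte_offset']:X}")
    if disk_sectors:
        for problem in sanity_check(mbr, disk_sectors):
            print("WARNING:", problem)


if __name__ == "__main__":
    main(sys.argv)
```

Run without arguments to see the constructed sample; with a device path it reads the first sector of a real disk. The boot-code hash is only meaningful against a hash taken from a clean machine with the same Windows version, so compare it with a known-good value rather than trusting a single list.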

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:38 PM

Posted 28 December 2010 - 10:36 AM

That's a legitimate file and skip is the right response there.

Please run MBAM and SAS next

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#7 Absurdny

Absurdny
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:38 PM

Posted 28 December 2010 - 09:19 PM

I finished both scans and threats were found with both programs; however, I could only find the log for MBAM. When the scan was finished for SUPERAntiSpyware and I removed the threats, it said I had to restart my computer, so I did. When it started back up and I went into the logs section of SUPERAntiSpyware, there were no logs present. I can rescan again if you want me to, but I don't know if the threats will be found anymore because they are removed now. Also, I am still having trouble with my policies. A bunch of programs won't start because they can't access files that they need to run.

Here is the other log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5409

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/28/2010 7:36:50 PM
mbam-log-2010-12-28 (19-36-50).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 499477
Time elapsed: 1 hour(s), 20 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790572B1765F5234AF91 (Malware.Trace) -> Value: SRS_IT_E8790572B1765F5234AF91 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Plugs\ae plug-ins pack, v.2\#after effects plug-ins - v.2 complete folder template\after effects plug-ins - v.2 complete folder template\after effects - plugins\Boris FX\boris fx - red 3gl\Red 3GL\installation aid\after effects\red_ae_patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Plugs\ae plug-ins pack, v.2\#after effects plug-ins - v.2 complete folder template\after effects plug-ins - v.2 complete folder template\after effects - plugins\Boris FX\boris fx - red 3gl\Red 3GL\installation aid\Avid\red_avx10_patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Plugs\ae plug-ins pack, v.2\#after effects plug-ins - v.2 complete folder template\after effects plug-ins - v.2 complete folder template\after effects - plugins\Boris FX\boris fx - red 3gl\Red 3GL\installation aid\Avid\red_avx15_patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Plugs\ae plug-ins pack, v.2\#after effects plug-ins - v.2 complete folder template\after effects plug-ins - v.2 complete folder template\after effects - plugins\Boris FX\boris fx - red 3gl\Red 3GL\installation aid\Common\red_dll_patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Plugs\ae plug-ins pack, v.2\#after effects plug-ins - v.2 complete folder template\after effects plug-ins - v.2 complete folder template\after effects - plugins\Boris FX\boris fx - red 3gl\Red 3GL\installation aid\Common\red_engine_patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
c:\Plugs\compressor + mastering tools\installed\voxengo.deft.compressor.vst.v1.1.x86.x64\voxengo.deft.compressor.vst.v1.1.x86.x64\sel.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Plugs\vsti & vst collection\installed\af.celemony.melodyne.plugin.vst.rtas.v1.0\af.celemony.melodyne.plugin.vst.rtas.v1.0\tra.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Edited by Absurdny, 28 December 2010 - 09:33 PM.
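
Every hit in the MBAM log above follows one shape, "<registry key or path> (<detection family>) -> ... -> <action>", with registry values adding a "Value:" field and registry data items carrying a "Bad: (...) Good: (...)" pair showing what was found and what it was reset to. The following Python is an added example, not part of the post and not Malwarebytes' code, that parses that format into records and triages them: counts per family and per section, files grouped by the top-level folder they were found in, anything whose action is not marked successful, and any hijacked shell command. The sample input is six lines copied from the log above and arranged as a constructed fixture; the section names ("Registry Keys", "Files", ...) are derived from the headers, and the parser's treatment of the summary block at the top of a real log is an assumption from this log's layout.

```python
"""Parse the per-item 'Infected' sections of a Malwarebytes' Anti-Malware 1.x
log into records and triage them. Added example; not Malwarebytes' own code."""
import re
from collections import Counter

# Item lines: "<key or path> (<detection family>) -> <details...> -> <action>"
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<detail>.+)$")
# Registry data items carry the observed and the restored value in this shape.
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")

# Sample input: six lines copied from the log in the post above, arranged in
# the same section layout MBAM writes. Treat it as a constructed fixture.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790572B1765F5234AF91 (Malware.Trace) -> Value: SRS_IT_E8790572B1765F5234AF91 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Plugs\compressor + mastering tools\installed\voxengo.deft.compressor.vst.v1.1.x86.x64\voxengo.deft.compressor.vst.v1.1.x86.x64\sel.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Plugs\vsti & vst collection\installed\af.celemony.melodyne.plugin.vst.rtas.v1.0\af.celemony.melodyne.plugin.vst.rtas.v1.0\tra.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text: str) -> list:
    """Walk the log, remembering the current section header, and turn each item
    line into a dict. Summary lines such as 'Files Infected: 7' do not end in
    'Infected:' and so are ignored (assumption based on this log's layout)."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):
            section = line[: -len(" Infected:")]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                      # text outside the item format
        details = m.group("detail").split(" -> ")
        rec = {"section": section, "item": m.group("item"), "family": m.group("family"),
               "action": details[-1], "value": None, "bad": None, "good": None}
        for extra in details[:-1]:
            if extra.startswith("Value: "):
                rec["value"] = extra[len("Value: "):]
            else:
                bg = BADGOOD_RE.match(extra)
                if bg:
                    rec["bad"], rec["good"] = bg.group("bad"), bg.group("good")
        records.append(rec)
    return records


def file_root(path: str) -> str:
    """'c:\\Plugs\\...' -> 'c:\\plugs', so file hits can be grouped by where they live."""
    return "\\".join(path.split("\\")[:2]).lower()


def summarize(records: list) -> dict:
    return {
        "by_family": dict(Counter(r["family"] for r in records)),
        "by_section": dict(Counter(r["section"] for r in records)),
        "files_by_root": dict(Counter(file_root(r["item"])
                                      for r in records if r["section"] == "Files")),
        # Anything not marked successful still needs manual follow-up.
        "not_removed": [r["item"] for r in records if "successfully" not in r["action"]],
        # Altered shell commands: MBAM restored the default, but whatever
        # changed it is what you go looking for next.
        "hijacked_commands": [(r["item"], r["bad"], r["good"])
                              for r in records if r["bad"] is not None],
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for key, value in summarize(parse_mbam_log(text)).items():
        print(f"{key}: {value}")
```

Run it with the saved mbam-log-*.txt as the argument; on the sample, files_by_root shows both file hits under the same c:\plugs tree and hijacked_commands lists the regfile open command that had been changed, which is the kind of grouping that is easy to miss when reading the raw log.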


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:38 PM

Posted 29 December 2010 - 08:59 PM

Can you please let me know, say, five of the programs that are not running.

Please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 Absurdny

Absurdny
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:38 PM

Posted 30 December 2010 - 01:11 AM

Some of the programs that will not start are AIM, Adobe Photoshop, Propellerheads Reason, Adobe Premiere, and Cakewalk Sonar. Basically they all say they can't access something that they need to start; for example, Photoshop has scratch disks, and when I try to start Photoshop it tells me it can't access the drive the scratch disks are on. I have found out that if I right-click on any program that doesn't work and select "Run as administrator", it will then start.
Here is the ComboFix log:

ComboFix 10-12-29.02 - Absurd 12/30/2010 0:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2132 [GMT -5:00]
Running from: c:\users\Absurd\Desktop\comfix.exe.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\sysapp
c:\programdata\sysapp\Interop.MSNMessenger.dll
c:\programdata\sysapp\Ionic.Zip.Reduced.dll
c:\programdata\sysapp\keyboard_key.ico
c:\programdata\sysapp\Microsoft.Office.Interop.Outlook.dll
c:\programdata\sysapp\MSNMessengerAPI.tlb
c:\programdata\sysapp\office.dll
c:\programdata\sysapp\SysAppInstaller.exe
c:\programdata\sysapp\SysDir.exe
c:\programdata\sysapp\SysDir.exe.config
c:\programdata\sysapp\SysDir.InstallState
c:\programdata\sysapp\TheBestLicence.rtf
c:\users\Absurd\ChromeSetup.exe
c:\users\Absurd\dds.scr
c:\users\Absurd\install_drugwars.exe
c:\windows\SysWow64\msvcsv60.dll

----- BITS: Possible infected sites -----

hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 05:41 . 2010-12-30 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 02:08 . 2008-05-19 17:13 57344 ----a-w- c:\windows\SysWow64\ASTSRV.EXE
2010-12-29 02:30 . 2010-12-29 02:30 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2010-12-29 02:10 . 2010-12-30 05:41 -------- d-----w- c:\users\Absurd
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\HomeGroupUser$
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\Guest
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\Administrator
2010-12-29 02:10 . 2010-11-17 23:00 -------- d-----w- c:\users\Mcx1-ABSURD-LAPTOP
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\programdata\!SASCORE
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-28 23:13 . 2010-12-28 23:13 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 23:13 . 2010-12-28 23:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-28 08:35 . 2010-11-16 17:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93789F03-E11B-4F95-81E4-407055155959}\mpengine.dll
2010-12-20 02:48 . 2010-12-20 02:48 -------- d-----w- c:\program files (x86)\VPHoldem
2010-12-20 02:48 . 2004-08-04 10:00 1355776 ----a-w- c:\windows\SysWow64\MSVBVM50.dll
2010-12-19 21:02 . 2010-12-19 21:02 -------- d-----w- c:\program files (x86)\ManyCam
2010-12-17 06:02 . 2010-12-17 06:02 -------- d-----w- c:\program files (x86)\MP3 to WAV Decoder
2010-12-17 06:02 . 2001-08-09 03:00 40960 ----a-w- c:\windows\SysWow64\DGPNorm.ocx
2010-12-17 06:02 . 2001-07-25 05:43 409600 ----a-w- c:\windows\SysWow64\activemp3.ocx
2010-12-17 05:18 . 2010-12-17 05:18 -------- d-----w- c:\program files (x86)\FXpansion
2010-12-16 03:43 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 03:43 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 03:43 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 03:43 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-16 03:43 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-16 03:43 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-16 03:43 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-16 03:43 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 03:43 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 03:43 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 03:43 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 02:52 . 2010-12-16 02:52 -------- d-----w- c:\program files\CCleaner
2010-12-15 23:00 . 2010-12-15 23:00 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-15 22:46 . 2010-12-15 22:46 -------- d-----w- c:\program files (x86)\ESET
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-15 16:59 . 2010-12-15 16:59 -------- d-----w- c:\program files (x86)\QuickTime
2010-12-15 16:59 . 2010-12-15 16:59 -------- d-----w- c:\programdata\Apple Computer
2010-12-15 16:57 . 2010-12-15 16:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
2010-12-15 16:57 . 2010-12-15 16:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2010-12-15 15:20 . 2010-12-29 08:20 -------- d-----w- C:\.deleted
2010-12-15 15:19 . 2010-12-15 15:18 7680 ----a-w- c:\windows\SysWow64\uwin_uninstall.exe
2010-12-15 15:19 . 2010-12-15 15:20 -------- d-----w- c:\program files (x86)\UWIN
2010-12-15 15:19 . 2010-06-08 19:12 949760 ------w- c:\windows\SysWow64\posix.dll
2010-12-15 15:19 . 2010-05-27 19:13 901632 ----a-w- c:\windows\SysWow64\ast54.dll
2010-12-15 15:19 . 2010-03-26 16:01 194048 ----a-w- c:\windows\SysWow64\uwin.cpl
2010-12-15 14:38 . 2010-12-15 14:38 1409 ----a-w- c:\windows\QTFont.for
2010-12-13 15:03 . 2010-12-13 15:04 -------- d-----w- c:\program files (x86)\MagicISO
2010-12-11 15:19 . 2010-12-11 15:20 -------- d-----w- c:\program files (x86)\TuneUpMedia
2010-12-11 15:18 . 2010-12-11 15:19 -------- d-----w- c:\programdata\TuneUpMedia
2010-12-11 15:15 . 2010-12-11 15:15 -------- d-----w- c:\program files (x86)\ConduitEngine
2010-12-11 15:14 . 2010-12-11 15:14 -------- d-----w- C:\extensions
2010-12-09 17:12 . 2010-12-09 17:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-07 17:10 . 2010-12-07 17:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-07 17:08 . 2010-12-07 17:08 -------- d-----w- c:\windows\Sun
2010-12-07 17:08 . 2010-11-12 23:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-07 17:08 . 2010-12-16 02:52 -------- d-----w- c:\program files (x86)\Java
2010-12-07 16:58 . 2010-12-12 06:19 -------- d-----w- c:\program files (x86)\QuoteTracker
2010-12-07 13:04 . 2010-12-13 23:57 -------- d-----w- c:\programdata\VMware
2010-12-04 02:02 . 2010-12-04 02:02 -------- d-----w- c:\program files (x86)\Your Company Name
2010-12-03 01:53 . 2010-12-29 02:08 -------- d-----w- c:\program files (x86)\FCharts
2010-12-03 01:53 . 2004-03-09 21:45 260880 ----a-w- c:\windows\SysWow64\MSFLXGRD.ocx
2010-12-03 01:53 . 2004-03-09 21:45 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX
2010-12-03 01:29 . 2010-12-03 01:33 -------- d-----w- c:\program files (x86)\MetaTrader 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 13:47 . 2010-11-18 17:14 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2010-12-04 00:59 . 2010-11-06 04:02 286720 ------w- c:\windows\Setup1.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-22 02:46 . 2010-11-22 02:46 53248 ----a-r- c:\users\Absurd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-21 21:51 . 2010-11-21 21:52 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-21 21:51 . 2010-11-21 21:51 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-21 21:51 . 2010-11-21 21:51 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-06 13:12 . 2010-11-06 13:12 406528 ------w- c:\windows\SysWow64\ReWire.dll
2010-11-06 13:12 . 2010-11-06 13:12 338432 ------w- c:\windows\SysWow64\REX Shared Library.dll
2010-11-06 04:02 . 2010-11-06 04:02 73216 ------w- c:\windows\ST6UNST.EXE
2010-10-30 12:30 . 2010-10-30 12:30 720896 ----a-w- c:\windows\iun6002.exe
2010-10-30 12:24 . 2010-10-30 12:24 833100 ----a-w- c:\windows\Reverence VST plug-in Uninstaller.exe
2010-10-30 12:23 . 2010-10-30 12:23 833081 ----a-w- c:\windows\PhaseTwo VST plug-in Uninstaller.exe
2010-10-30 12:22 . 2010-10-30 12:22 833130 ----a-w- c:\windows\BigSeq VST plug-in Uninstaller.exe
2010-10-30 11:28 . 2010-10-30 11:28 6500352 ----a-w- c:\windows\SysWow64\PSP VintageWarmer2.dll
2010-10-30 11:28 . 2010-10-30 11:28 6492160 ----a-w- c:\windows\SysWow64\PSP VintageWarmer.dll
2010-10-30 00:33 . 2010-10-30 00:33 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2010-10-25 01:44 . 2010-10-25 01:44 520192 ----a-w- c:\windows\SysWow64\Side 9 Screensaver.scr
2010-10-04 03:43 . 2010-10-04 03:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-04 03:43 . 2010-10-04 03:43 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-04 03:43 . 2010-10-04 03:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files (x86)\mobilewitch\tbmobi.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll


[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
2010-06-13 23:10 2734688 ----a-w- c:\program files (x86)\mobilewitch\tbmobi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files (x86)\mobilewitch\tbmobi.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-07-15 630784]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R2 Jasmio.MediaCenter.Service;Media Center Support Service;c:\program files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe [2009-11-10 73144]
R2 UWIN_MS;Uwin Master;c:\program files (x86)\UWIN\usr\etc\ums.exe [2010-05-28 46592]
R3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [x]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-01-04 90352]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-13 828912]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [2009-04-03 72192]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-06 317480]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 187912]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]

.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 08:28]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 08:28]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2425720138-3500638229-199635740-1001Core.job
- c:\users\Absurd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 18:50]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2425720138-3500638229-199635740-1001UA.job
- c:\users\Absurd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 18:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 798216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with Xilisoft Download YouTube Video - c:\program files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Save Picture to Mobile Phone - c:\program files (x86)\Pix2Fone\p2fd.html
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Native Instruments Battery 3 - c:\programdata\{7D55A338-9946-4B03-9D84-8FD1472DA229}\Battery 3 Setup PC.exe
AddRemove-Roger Nichols Digital DETAILER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital
AddRemove-Side 9 Screensaver - c:\windows\system32\Side 9 Screensaver.scr
AddRemove-UWIN - c:\windows\system32\uwin_uninstall.exe
AddRemove-{6BED4DFE-C527-463E-B93A-6F6848B74DD0} - c:\programdata\{7D55A338-9946-4B03-9D84-8FD1472DA229}\Battery 3 Setup PC.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2425720138-3500638229-199635740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2425720138-3500638229-199635740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*6*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-30 00:56:09
ComboFix-quarantined-files.txt 2010-12-30 05:56

Pre-Run: 60,621,316,096 bytes free
Post-Run: 60,576,874,496 bytes free

- - End Of File - - 1A9490A533D13488FBAA888107BCD023

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 December 2010 - 09:25 AM

Run Combofix again please.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLock::
[HKEY_USERS\S-1-5-21-2425720138-3500638229-199635740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-2425720138-3500638229-199635740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*6*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update Combofix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

This unlocks any registry entries which are not under your control. If there are still problems then try this: I can't find a way to default this but this will work on each program individually.
m0le is a proud member of UNITE
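As an added example (not m0le's script and not ComboFix's own code): a small Python parser that reads the LOCKED REGISTRY KEYS section of a ComboFix log, generates the RegLock:: block mechanically so every key line is copied exactly (no missing brackets, no duplicated entries), and lists the explicit Deny ACEs so a helper can see which principals are locked out of each key. The sample log text is constructed from entries like the ones in the log above; the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of a ComboFix "LOCKED REGISTRY KEYS" section.
# The key paths are the ones reported in the log above; the surrounding lines
# mimic ComboFix's section separators (a lone "." ends each section).
SAMPLE_LOG = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2425720138-3500638229-199635740-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-30 00:56:09
"""

# A key header is a full registry path in square brackets on its own line.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints ACL notes as "@Denied: (<rights>) (<principal>)" or "@Allowed: ...".
ACL_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\(([^)]*)\)\s*$")


def parse_locked_keys(log_text: str) -> List[Dict]:
    """Return one record per key listed under LOCKED REGISTRY KEYS.

    Each record is {"key": path, "acl": [(kind, rights, principal), ...],
    "values": [raw value lines]}.
    """
    records: List[Dict] = []
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":          # lone dot closes the section
            break
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "acl": [], "values": []}
            records.append(current)
            continue
        if current is None:      # stray text before the first key header
            continue
        a = ACL_RE.match(line)
        if a:
            current["acl"].append((a.group(1), a.group(2), a.group(3)))
        else:
            current["values"].append(line)
    return records


def make_reglock_script(records: List[Dict]) -> str:
    """Build the RegLock:: block for a CFScript.txt, one bracketed key per line.

    Keys are emitted verbatim from the parsed log and de-duplicated
    (case-insensitively, as the registry is), so hand-copying errors such as a
    dropped closing bracket or a repeated key cannot creep in.
    """
    seen = set()
    lines = ["RegLock::"]
    for rec in records:
        key = rec["key"]
        if key.lower() in seen:
            continue
        seen.add(key.lower())
        lines.append(f"[{key}]")
    return "\n".join(lines) + "\n"


def explicit_denies(records: List[Dict]) -> Dict[str, List[str]]:
    """Map each key to the principals that carry an explicit Deny ACE on it.

    A Deny for LocalSystem or Everyone is what makes a key "locked": even an
    administrator cannot read or change it until the ACL is reset. Flash
    Player's own CLSID keys are commonly seen protected this way.
    """
    out: Dict[str, List[str]] = {}
    for rec in records:
        denied = [p for kind, _rights, p in rec["acl"] if kind == "Denied"]
        if denied:
            out[rec["key"]] = denied
    return out


if __name__ == "__main__":
    recs = parse_locked_keys(SAMPLE_LOG)
    print(make_reglock_script(recs))
    for key, who in explicit_denies(recs).items():
        print(f"DENY for {', '.join(who)} on {key}")
```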

#11 Absurdny

Absurdny
  • Topic Starter

  • Members
  • 14 posts

Posted 30 December 2010 - 02:57 PM

Here is the new ComboFix log:


ComboFix 10-12-29.02 - Absurd 12/30/2010 14:38:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2125 [GMT -5:00]
Running from: c:\users\Absurd\Desktop\comfix.exe.exe
Command switches used :: c:\users\Absurd\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 19:47 . 2010-12-30 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 10:10 . 2010-11-16 17:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B56F1C3-D75F-4041-B033-5624AF0D5DD7}\mpengine.dll
2010-12-30 02:08 . 2008-05-19 17:13 57344 ----a-w- c:\windows\SysWow64\ASTSRV.EXE
2010-12-29 02:30 . 2010-12-29 02:30 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2010-12-29 02:10 . 2010-12-30 19:46 -------- d-----w- c:\users\Absurd
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\HomeGroupUser$
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\Guest
2010-12-29 02:10 . 2010-12-15 15:20 -------- d-----w- c:\users\Administrator
2010-12-29 02:10 . 2010-11-17 23:00 -------- d-----w- c:\users\Mcx1-ABSURD-LAPTOP
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\programdata\!SASCORE
2010-12-29 00:47 . 2010-12-29 00:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-28 23:13 . 2010-12-28 23:13 -------- d-----w- c:\programdata\Malwarebytes
2010-12-28 23:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 23:13 . 2010-12-28 23:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-20 02:48 . 2010-12-20 02:48 -------- d-----w- c:\program files (x86)\VPHoldem
2010-12-20 02:48 . 2004-08-04 10:00 1355776 ----a-w- c:\windows\SysWow64\MSVBVM50.dll
2010-12-17 06:02 . 2010-12-17 06:02 -------- d-----w- c:\program files (x86)\MP3 to WAV Decoder
2010-12-17 06:02 . 2001-08-09 03:00 40960 ----a-w- c:\windows\SysWow64\DGPNorm.ocx
2010-12-17 06:02 . 2001-07-25 05:43 409600 ----a-w- c:\windows\SysWow64\activemp3.ocx
2010-12-17 05:18 . 2010-12-17 05:18 -------- d-----w- c:\program files (x86)\FXpansion
2010-12-16 03:43 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 03:43 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 03:43 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 03:43 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-16 03:43 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-16 03:43 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-16 03:43 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-16 03:43 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 03:43 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 03:43 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 03:43 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 02:52 . 2010-12-16 02:52 -------- d-----w- c:\program files\CCleaner
2010-12-15 23:00 . 2010-12-15 23:00 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-15 22:46 . 2010-12-15 22:46 -------- d-----w- c:\program files (x86)\ESET
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-15 16:59 . 2010-12-15 16:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-15 16:59 . 2010-12-15 16:59 -------- d-----w- c:\program files (x86)\QuickTime
2010-12-15 16:59 . 2010-12-15 16:59 -------- d-----w- c:\programdata\Apple Computer
2010-12-15 16:57 . 2010-12-15 16:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
2010-12-15 16:57 . 2010-12-15 16:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2010-12-15 15:20 . 2010-12-29 08:20 -------- d-----w- C:\.deleted
2010-12-15 15:19 . 2010-12-15 15:18 7680 ----a-w- c:\windows\SysWow64\uwin_uninstall.exe
2010-12-15 15:19 . 2010-12-15 15:20 -------- d-----w- c:\program files (x86)\UWIN
2010-12-15 15:19 . 2010-06-08 19:12 949760 ------w- c:\windows\SysWow64\posix.dll
2010-12-15 15:19 . 2010-05-27 19:13 901632 ----a-w- c:\windows\SysWow64\ast54.dll
2010-12-15 15:19 . 2010-03-26 16:01 194048 ----a-w- c:\windows\SysWow64\uwin.cpl
2010-12-15 14:38 . 2010-12-15 14:38 1409 ----a-w- c:\windows\QTFont.for
2010-12-13 15:03 . 2010-12-13 15:04 -------- d-----w- c:\program files (x86)\MagicISO
2010-12-11 15:19 . 2010-12-11 15:20 -------- d-----w- c:\program files (x86)\TuneUpMedia
2010-12-11 15:18 . 2010-12-11 15:19 -------- d-----w- c:\programdata\TuneUpMedia
2010-12-11 15:15 . 2010-12-11 15:15 -------- d-----w- c:\program files (x86)\ConduitEngine
2010-12-11 15:14 . 2010-12-11 15:14 -------- d-----w- C:\extensions
2010-12-09 17:12 . 2010-12-09 17:12 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-07 17:10 . 2010-12-07 17:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-07 17:08 . 2010-12-07 17:08 -------- d-----w- c:\windows\Sun
2010-12-07 17:08 . 2010-11-12 23:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-07 17:08 . 2010-12-16 02:52 -------- d-----w- c:\program files (x86)\Java
2010-12-07 13:04 . 2010-12-13 23:57 -------- d-----w- c:\programdata\VMware
2010-12-04 02:02 . 2010-12-04 02:02 -------- d-----w- c:\program files (x86)\Your Company Name
2010-12-03 01:53 . 2010-12-29 02:08 -------- d-----w- c:\program files (x86)\FCharts
2010-12-03 01:53 . 2004-03-09 21:45 260880 ----a-w- c:\windows\SysWow64\MSFLXGRD.ocx
2010-12-03 01:53 . 2004-03-09 21:45 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX
2010-12-03 01:29 . 2010-12-03 01:33 -------- d-----w- c:\program files (x86)\MetaTrader 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 13:47 . 2010-11-18 17:14 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2010-12-04 00:59 . 2010-11-06 04:02 286720 ------w- c:\windows\Setup1.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-22 02:46 . 2010-11-22 02:46 53248 ----a-r- c:\users\Absurd\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-21 21:51 . 2010-11-21 21:52 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-21 21:51 . 2010-11-21 21:51 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-21 21:51 . 2010-11-21 21:51 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-06 13:12 . 2010-11-06 13:12 406528 ------w- c:\windows\SysWow64\ReWire.dll
2010-11-06 13:12 . 2010-11-06 13:12 338432 ------w- c:\windows\SysWow64\REX Shared Library.dll
2010-11-06 04:02 . 2010-11-06 04:02 73216 ------w- c:\windows\ST6UNST.EXE
2010-10-30 12:30 . 2010-10-30 12:30 720896 ----a-w- c:\windows\iun6002.exe
2010-10-30 12:24 . 2010-10-30 12:24 833100 ----a-w- c:\windows\Reverence VST plug-in Uninstaller.exe
2010-10-30 12:23 . 2010-10-30 12:23 833081 ----a-w- c:\windows\PhaseTwo VST plug-in Uninstaller.exe
2010-10-30 12:22 . 2010-10-30 12:22 833130 ----a-w- c:\windows\BigSeq VST plug-in Uninstaller.exe
2010-10-30 11:28 . 2010-10-30 11:28 6500352 ----a-w- c:\windows\SysWow64\PSP VintageWarmer2.dll
2010-10-30 11:28 . 2010-10-30 11:28 6492160 ----a-w- c:\windows\SysWow64\PSP VintageWarmer.dll
2010-10-30 00:33 . 2010-10-30 00:33 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2010-10-25 01:44 . 2010-10-25 01:44 520192 ----a-w- c:\windows\SysWow64\Side 9 Screensaver.scr
2010-10-04 03:43 . 2010-10-04 03:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-04 03:43 . 2010-10-04 03:43 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-04 03:43 . 2010-10-04 03:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-30_05.42.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2010-12-30 18:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-30 02:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-30 02:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-30 18:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-30 18:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-30 02:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2010-12-30 18:28 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2010-12-30 00:13 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files (x86)\mobilewitch\tbmobi.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll


[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]
2010-06-13 23:10 2734688 ----a-w- c:\program files (x86)\mobilewitch\tbmobi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fcbf663e-8530-46f8-a880-ac5abe9d2b23}"= "c:\program files (x86)\mobilewitch\tbmobi.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-21 244480]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-07-15 630784]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R2 Jasmio.MediaCenter.Service;Media Center Support Service;c:\program files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe [2009-11-10 73144]
R2 UWIN_MS;Uwin Master;c:\program files (x86)\UWIN\usr\etc\ums.exe [2010-05-28 46592]
R3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [x]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-01-04 90352]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-13 828912]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [2009-04-03 72192]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-06 317480]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2009-11-09 187912]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]

.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 08:28]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 08:28]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2425720138-3500638229-199635740-1001Core.job
- c:\users\Absurd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 18:50]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2425720138-3500638229-199635740-1001UA.job
- c:\users\Absurd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 18:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-11-09 798216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273601104505l0364z115a4812v247
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with Xilisoft Download YouTube Video - c:\program files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Save Picture to Mobile Phone - c:\program files (x86)\Pix2Fone\p2fd.html
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{FCBF663E-8530-46F8-A880-AC5ABE9D2B23} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*6*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-30 14:50:00
ComboFix-quarantined-files.txt 2010-12-30 19:49
ComboFix2.txt 2010-12-30 05:56

Pre-Run: 60,283,195,392 bytes free
Post-Run: 59,862,982,656 bytes free

- - End Of File - - E6691521CF9BD7190E9CB561D88A752C

Edited by Absurdny, 30 December 2010 - 02:58 PM.
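The log above lists the machine's autostart locations in three record shapes: Run-key values (`"Name"="path" [date size]`), Browser Helper Object entries (a registry key header followed by a `date time size attrs path` line) and service/driver lines (`R`/`S` for running/stopped, a digit for the start type, then `name;display;path [date size]` or `[x]` when ComboFix could not find the image file). The following Python is an added example, not part of ComboFix or of this thread: it parses those three shapes into dicts and orders a manual review by flagging services whose image is missing, every BHO (a DLL loaded into each Internet Explorer process), and boot/system-start drivers loaded from outside the Windows directory. The function names `parse_combofix` and `triage` and the review heuristics are this example's own choices; the sample input is an excerpt of the log posted above, embedded so the code runs offline. It does not decide that anything is malicious.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example, not ComboFix's own code. It parses the record shapes seen in
the log posted above and lists the entries a responder would look at first.
"""
import re
from typing import Dict, List

# Constructed sample: lines excerpted from the posted log so the parser runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2988784]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-13 828912]
S1 aswSP;aswSP; [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\S+)\s+(\d+)\]$')
BHO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) (\S+) (.+)$")
# state, start type, name, display name, image path (may be empty), '[x]' or '[date size]'
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)\s*\[(x|\S+ \d+)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_combofix(text: str) -> Dict[str, List[dict]]:
    """Split the autostart section into Run values, BHOs and services."""
    out: Dict[str, List[dict]] = {"run": [], "bho": [], "services": []}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # a registry key header starts a new group
            current_key = m.group(1)
            continue
        m = SVC_RE.match(line)
        if m:                                   # service/driver lines carry no key header
            state, start, name, display, path, stamp = m.groups()
            out["services"].append({
                "name": name, "display": display, "path": path,
                "running": state == "R",
                "start": START_TYPES.get(start, start),
                "image_found": stamp != "x",    # '[x]' means ComboFix found no file
            })
            continue
        if current_key is None:
            continue
        if current_key.endswith("\\Run"):
            m = RUN_RE.match(line)
            if m:
                out["run"].append({"key": current_key, "name": m.group(1),
                                   "path": m.group(2), "size": int(m.group(4))})
        elif "Browser Helper Objects" in current_key:
            m = BHO_RE.match(line)
            if m:
                out["bho"].append({"clsid": current_key.rsplit("\\", 1)[1],
                                   "path": m.group(5), "size": int(m.group(3))})
    return out


def triage(parsed: Dict[str, List[dict]]) -> List[str]:
    """Return review items in priority order; heuristics are this example's own."""
    findings: List[str] = []
    for svc in parsed["services"]:
        if not svc["image_found"]:
            findings.append(f"service {svc['name']}: image missing "
                            f"({svc['path'] or 'no path'}), start={svc['start']}, "
                            f"running={svc['running']}")
    for svc in parsed["services"]:
        in_windows = svc["path"].lower().startswith("c:\\windows\\")
        if svc["image_found"] and svc["start"] in ("boot", "system") and not in_windows:
            findings.append(f"driver {svc['name']}: {svc['start']}-start image outside "
                            f"the Windows directory: {svc['path']}")
    for bho in parsed["bho"]:
        findings.append(f"BHO {bho['clsid']}: loads into every IE process from {bho['path']}")
    return findings


if __name__ == "__main__":
    for item in triage(parse_combofix(SAMPLE_LOG)):
        print(item)
```

Entries a tool could not resolve (`EWAVE` and `aswSP` above) come first because a registered service or driver with no image on disk is either leftover from a removed product or something that was deleted out from under the registry, and either way it is cheap to confirm. The UAC policy values shown in the log (`ConsentPromptBehaviorAdmin = 5`, prompt for consent for non-Windows binaries, and `EnableUIADesktopToggle = 0`) are the Windows 7 defaults, so the parser does not treat them as findings.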


#12 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 December 2010 - 06:57 PM

How's the PC running now?
m0le is a proud member of UNITE

#13 Absurdny

  • Topic Starter
  • Members
  • 14 posts

Posted 30 December 2010 - 08:11 PM

I still have the problems with the policy changes. AIM does not start, and all programs that need to access files to start say I do not have the proper admin privileges. When I reinstall AIM it works one time. If I exit AIM and then restart it, it gives me an error until I reinstall it again.

Edited by Absurdny, 30 December 2010 - 08:12 PM.


#14 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 December 2010 - 08:27 PM

Did you see my link to here?
m0le is a proud member of UNITE

#15 Absurdny

  • Topic Starter
  • Members
  • 14 posts

Posted 31 December 2010 - 03:15 AM

Oh, sorry about that, I completely missed that. That makes the programs run, but I just wanted to ask if there is a way to set the settings back to how they used to be so I don't have to change the privileges for each program one at a time. Also, I still can't save to my desktop, and certain folders seem to be locked. I was thinking about changing my user account to standard and then back to administrator. I have not tried that yet because I was not sure if it will do anything to all my user account program settings and Windows settings under my user account.
