DDS log


  • This topic is locked
19 replies to this topic

#1 AnaLoGMunKy

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Edinburgh
  • Local time:02:26 PM

Posted 12 February 2011 - 07:45 AM

Topics on this issue in chronological order:

http://www.bleepingcomputer.com/forums/topic378948.html/
http://www.bleepingcomputer.com/forums/topic378951.html
http://www.bleepingcomputer.com/forums/topic379024.html

~ OB


Here is the DDS log from my computer from this thread

Should I attach the other txt as well?


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by MunKy at 12:40:10.69 on 12-Feb-11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4607 [GMT 0:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MunKy\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
uRun: [Clam Sentinel] C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Q-Face agent] C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tsnp2std] C:\Windows\tsnp2std.exe
mRun: [TaskTray]
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\MunKy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HPSIMP~1.LNK - C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
StartupFolder: C:\Users\MunKy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
mRun-x64: [snp2std] C:\Windows\vsnp2std.exe

============= SERVICES / DRIVERS ===============

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-27 22568]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 302632]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203776]
R2 BackupService;BackupService;C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2011-1-6 83512]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-28 1253376]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-4-12 235560]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-5-21 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-26 8120320]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-26 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;C:\Windows\System32\drivers\MSILiveVirtualCamera.sys [2007-1-29 456192]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-6 344680]
R3 Saffire;Saffire;C:\Windows\System32\drivers\Saffire.sys [2011-1-6 211936]
R3 SaffireAudio;Saffire Audio;C:\Windows\System32\drivers\SaffireAudio.sys [2011-1-6 38880]
R3 SaffireMidi;Saffire MIDI;C:\Windows\System32\drivers\SaffireMidi.sys [2011-1-6 43232]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 MSI_DVD_010507;MSI_DVD_010507;C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-5-10 28984]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-5-10 14960]

=============== Created Last 30 ================

2011-02-11 18:22:33 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-11 18:15:58 -------- d-----w- C:\Users\MunKy\AppData\Roaming\Malwarebytes
2011-02-11 18:15:51 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 18:15:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-11 18:15:48 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-11 18:15:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-06 13:00:22 -------- d-----w- C:\Program Files\CCleaner
2011-02-03 15:45:49 -------- d-----w- C:\Users\MunKy\.thumbnails
2011-02-03 15:03:18 -------- d-----w- C:\Users\MunKy\.gimp-2.6
2011-02-03 15:03:04 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-02-03 10:34:13 35365 ----a-w- C:\Windows\SysWow64\uninstHelixYUV.exe
2011-02-03 10:14:24 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-02-03 10:14:24 -------- d-----w- C:\Program Files (x86)\Xvid
2011-02-03 02:44:16 -------- d-----w- C:\Users\MunKy\AppData\Local\Apple Computer
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-03 02:43:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-03 02:42:19 -------- d-----w- C:\Users\MunKy\AppData\Local\Apple
2011-02-03 02:13:10 -------- d-----w- C:\Program Files (x86)\Next Video Converter
2011-02-03 02:06:56 -------- d-----w- C:\Users\MunKy\AppData\Roaming\AVS4YOU
2011-02-03 02:06:16 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-02-03 02:06:15 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
2011-02-03 02:06:12 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-02-03 02:05:27 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-02-03 02:05:27 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-02-03 02:05:27 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-02-03 02:05:27 -------- d-----w- C:\PROGRA~3\AVS4YOU
2011-02-03 01:54:09 -------- d-----w- C:\Program Files (x86)\avic100
2011-02-02 23:09:26 -------- d-----w- C:\Windows\SysWow64\custom matrices
2011-02-02 23:09:23 -------- d-----w- C:\Windows\SysWow64\C2MP
2011-02-02 21:50:31 -------- d-----w- C:\Users\MunKy\AppData\Local\Sony
2011-01-31 21:44:50 -------- d-----w- C:\Program Files (x86)\Edirol
2011-01-31 19:55:06 -------- d-----w- C:\Program Files (x86)\Vstplugins
2011-01-31 19:55:04 -------- d-----w- C:\Program Files (x86)\Sony
2011-01-31 19:47:27 -------- d-----w- C:\Program Files (x86)\Sony Setup
2011-01-28 23:06:23 -------- d-----w- C:\Users\MunKy\AppData\Local\Gas Powered Games
2011-01-28 22:49:59 -------- d-----w- C:\game
2011-01-27 00:23:31 -------- d-----w- C:\Users\MunKy\AppData\Local\Ironclad Games
2011-01-26 21:04:43 -------- d-----w- C:\Users\MunKy\AppData\Roaming\Stardock
2011-01-26 21:04:24 -------- dc-h--w- C:\PROGRA~3\{6C72D0C5-6D41-4646-A187-62A044E7F55E}
2011-01-26 21:04:19 -------- d-----w- C:\Program Files (x86)\Stardock
2011-01-26 21:04:19 -------- d-----w- C:\PROGRA~3\Stardock
2011-01-26 20:58:14 -------- dc-h--w- C:\Users\MunKy\AppData\Local\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489}
2011-01-26 20:58:14 -------- d-----w- C:\Program Files (x86)\Stardock Games
2011-01-26 20:57:48 -------- d-----w- C:\Users\MunKy\AppData\Local\PackageAware
2011-01-24 06:37:05 -------- d-----w- C:\Users\MunKy\AppData\Local\Microsoft Games
2011-01-20 15:01:51 -------- d-----w- C:\Program Files (x86)\Heretic, DOOM, DOOM II, HeXen, Strife
2011-01-18 23:33:33 315904 ----a-w- C:\Windows\SysWow64\Difx8e80.rra
2011-01-18 23:33:33 -------- d-----w- C:\RaidTool
2011-01-18 23:33:23 -------- d-----w- C:\Windows\RaidTool
2011-01-18 23:32:56 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-01-18 23:32:55 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-01-18 23:32:54 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-01-18 23:32:54 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-01-18 23:32:54 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-01-18 23:32:53 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-01-18 23:32:52 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-01-18 23:32:51 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-01-18 20:03:51 -------- d-----w- C:\Program Files\Steinberg
2011-01-18 19:37:18 -------- d-----w- C:\Users\MunKy\AppData\Roaming\iZotope
2011-01-18 19:37:17 -------- d-----w- C:\Program Files (x86)\iZotope
2011-01-18 16:34:01 94208 ----a-w- C:\Windows\amcap.exe
2011-01-18 16:33:58 83968 ----a-w- C:\Windows\System32\csnp2std.dll
2011-01-18 16:33:58 349472 ----a-w- C:\Windows\WindowsXP-KB822603-x86.exe
2011-01-18 16:33:58 344064 ----a-w- C:\Windows\vsnp2std.exe
2011-01-18 16:33:58 33664 ----a-w- C:\Windows\System32\drivers\sncamd.sys
2011-01-18 16:33:58 333824 ----a-w- C:\Windows\System32\vsnp2std.dll
2011-01-18 16:33:58 270336 ----a-w- C:\Windows\tsnp2std.exe
2011-01-18 16:33:58 12481664 ----a-w- C:\Windows\System32\drivers\snp2sxp.sys
2011-01-18 16:33:55 25472 ----a-w- C:\Windows\SysWow64\drivers\sncamd.sys
2011-01-18 16:33:55 12178688 ----a-w- C:\Windows\SysWow64\drivers\snp2sxp.sys
2011-01-18 16:33:54 73728 ----a-w- C:\Windows\SysWow64\vsnp2std.dll
2011-01-18 16:33:54 151552 ----a-w- C:\Windows\SysWow64\rsnp2std.dll
2011-01-18 16:33:54 -------- d-----w- C:\Program Files (x86)\Common Files\snp2std
2011-01-18 14:51:10 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2011-01-18 14:50:58 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2011-01-18 14:46:36 -------- d-----w- C:\PROGRA~3\VST3 Presets
2011-01-18 14:34:38 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2011-01-18 14:34:38 -------- d-----w- C:\PROGRA~3\Steinberg
2011-01-18 14:32:22 -------- d-----w- C:\Users\MunKy\AppData\Roaming\Steinberg
2011-01-18 14:32:22 -------- d-----w- C:\Program Files (x86)\Steinberg
2011-01-18 14:28:48 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-01-18 14:28:48 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-01-18 14:28:47 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-01-18 14:22:38 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2011-01-18 14:18:54 -------- d-----w- C:\Program Files (x86)\MagicISO

==================== Find3M ====================

2011-01-06 20:25:01 0 ----a-w- C:\Windows\ativpsrm.bin
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-11-26 02:24:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2010-11-15 19:27:16 4838400 ----a-w- C:\Windows\System32\ffdshow.ax

============= FINISH: 12:40:19.79 ===============

Edited by Orange Blossom, 12 February 2011 - 03:59 PM.
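A responder reading a DDS log like the one above starts with the persistence points: the uRun/mRun lines of the "Pseudo HJT Report" and the service lines of "SERVICES / DRIVERS". What they look for is where each image lives and how it is launched, not the name the vendor gave it. In this particular log two entries stand out on that basis: the BackupService entry (HP SimpleSave) runs as an auto-start service from the user's AppData\Roaming directory, and the tsnp2std.exe/vsnp2std.exe webcam utilities sit directly in C:\Windows rather than in System32. Both are consistent with OEM software (the OTL log later in the thread attributes them to ArcSoft and Sonix), but those are also exactly the locations and launch patterns that malware uses, so they are the entries to confirm by publisher signature or hash rather than by eye. The script below is an added example, not part of the thread and not code from the DDS tool: it parses those two sections, recovers the executable each entry launches, and flags the cases a triager would verify first. The flag rules (user-writable directories, loose files in the Windows root, script-host launchers, empty commands, unquoted paths with spaces) are this example's own heuristics, and the sample input is a constructed set of eight lines copied from the log posted above.

```python
"""Triage helper for the autorun and service lines of a DDS log.

Added example (not from the thread, not from DDS). The regexes follow the
line shapes visible in the posted log; the flag rules are heuristics.
"""
import re
from dataclasses import dataclass, field

# uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
RUN_RE = re.compile(
    r'^(?P<hive>[um])Run(?P<arch>-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# R2 BackupService;BackupService;C:\...\uUACTokenSvc.exe [2011-1-6 83512]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')

# Interpreters that turn an autorun entry into "run this script".
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "powershell.exe"}
# Directories a standard user can write to: persistence here needs no admin.
USER_WRITABLE = re.compile(
    r'^[a-z]:\\(users|documents and settings|programdata|progra~3)\\', re.I)
# A loose executable directly in C:\Windows instead of System32/SysWOW64.
WINDOWS_ROOT = re.compile(r'^[a-z]:\\windows\\[^\\]+\.(exe|dll|sys|scr)$', re.I)


@dataclass
class Entry:
    kind: str      # "run" or "service"
    scope: str     # HKCU/HKLM for run keys, DDS start code (R0, S3...) for services
    name: str
    image: str     # executable the entry launches ("" if none)
    flags: list = field(default_factory=list)


def split_command(cmd):
    """Split a Run-key command into (image, arguments, was_quoted)."""
    cmd = cmd.strip()
    if not cmd:
        return "", "", False
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            return cmd[1:], "", True
        return cmd[1:end], cmd[end + 1:].strip(), True
    # Unquoted: the image ends at the first executable extension that is
    # followed by whitespace or end of string (spaces in the path are kept).
    m = re.match(r'^(.+?\.(?:exe|scr|com|bat|cmd|vbs|js|dll))(?:\s+(.*))?$',
                 cmd, re.I)
    if m:
        return m.group(1), m.group(2) or "", False
    head, _, rest = cmd.partition(" ")
    return head, rest, False


def triage(entry, args="", quoted=True):
    """Attach heuristic flags to an Entry and return it."""
    img = entry.image
    if not img:
        entry.flags.append("no command")
        return entry
    base = img.rsplit("\\", 1)[-1].lower()
    if base in SCRIPT_HOSTS:
        entry.flags.append("script host %s -> %s" % (base, args))
    if USER_WRITABLE.match(img):
        entry.flags.append("user-writable location")
    if WINDOWS_ROOT.match(img):
        entry.flags.append("loose file in Windows root")
    # DDS prints service paths without their quoting, so the unquoted-path
    # check only means something for Run keys.
    if entry.kind == "run" and not quoted and " " in img:
        entry.flags.append("unquoted path with spaces")
    return entry


def parse_line(line):
    """Return an Entry for a Run-key or service line, else None."""
    m = RUN_RE.match(line)
    if m:
        image, args, quoted = split_command(m.group("cmd"))
        scope = "HKCU" if m.group("hive") == "u" else "HKLM"
        return triage(Entry("run", scope, m.group("name"), image), args, quoted)
    m = SVC_RE.match(line)
    if m:
        return triage(Entry("service", m.group("start"), m.group("svc"),
                            m.group("path").strip()))
    return None


def triage_log(text):
    """Parse every line of a DDS log and return only the flagged entries."""
    entries = (parse_line(ln.rstrip()) for ln in text.splitlines())
    return [e for e in entries if e and e.flags]


# Constructed sample: eight lines copied from the DDS log posted above.
SAMPLE = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [Q-Face agent] C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
mRun: [tsnp2std] C:\Windows\tsnp2std.exe
mRun: [TaskTray]
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-3-17 302632]
R2 BackupService;BackupService;C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2011-1-6 83512]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print("%-8s %-5s %-16s %s" % (e.kind, e.scope, e.name, "; ".join(e.flags)))
        print("         " + e.image)
```

Run against the sample, five of the eight lines are flagged (the Steam entry, the Marvell driver and the Marvell web service pass clean). A flag is a prompt to verify, not a verdict: the next step for each flagged image is to check its Authenticode signature and compare its hash against the vendor's release, which is what the helpers on this board do with the full log.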




#2 oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:26 AM

Posted 17 February 2011 - 09:59 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.


#3 AnaLoGMunKy (Topic Starter)

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Edinburgh
  • Local time:02:26 PM

Posted 18 February 2011 - 06:26 AM

Hi, thanks for the reply. I have been consistently pointed to this site by Google when looking for answers, and because I always found solutions to my previous problems on this site I eventually decided to join up, as this problem was past my ability to solve. Basically I appreciate any help and have seen how busy you guys get :thumbup2:

Here are the logs from OTL. I use 64-bit Windows and so have not posted the GMER log.


OTL logfile created on: 18-Feb-11 11:15:37 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\MunKy\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 75.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 219.79 Gb Free Space | 36.87% Space Free | Partition Type: NTFS

Computer Name: MUNKY-PC | User Name: MunKy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-02-18 11:14:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\MunKy\Downloads\OTL.exe
PRC - [2011-01-11 17:44:16 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011-01-07 21:41:27 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010-12-08 23:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-12-06 23:04:56 | 000,086,016 | ---- | M] (alch) -- C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
PRC - [2010-12-04 23:12:00 | 000,649,728 | ---- | M] (Andrea Russo - Italy) -- C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
PRC - [2010-07-01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010-04-27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010-04-12 03:36:18 | 000,235,560 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2010-04-12 03:36:16 | 000,731,176 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
PRC - [2009-10-15 22:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-10-15 22:11:44 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009-08-28 01:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008-12-16 02:52:04 | 000,020,792 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe
PRC - [2008-06-12 20:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2007-05-10 17:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe
PRC - [2007-05-10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (SafeList) ==========

MOD - [2011-02-18 11:14:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\MunKy\Downloads\OTL.exe
MOD - [2010-11-11 17:05:19 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-11-26 02:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-05-21 20:37:32 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-01-11 17:44:16 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-07-01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010-04-12 03:36:18 | 000,235,560 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009-10-15 22:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-08-28 01:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008-06-12 20:05:04 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-11-26 04:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-11-26 02:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-11-17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-06-23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-06-11 16:36:50 | 000,211,936 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Saffire.sys -- (Saffire)
DRV:64bit: - [2010-06-11 16:36:50 | 000,043,232 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireMidi.sys -- (SaffireMidi)
DRV:64bit: - [2010-06-11 16:36:50 | 000,038,880 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireAudio.sys -- (SaffireAudio)
DRV:64bit: - [2010-05-21 20:37:20 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010-05-10 18:44:46 | 000,028,984 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys -- (MSI_DVD_010507)
DRV:64bit: - [2010-05-10 18:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV:64bit: - [2010-05-10 18:44:18 | 000,014,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys -- (MSI_VGASYS_010507)
DRV:64bit: - [2010-04-27 17:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-04-27 17:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-03-17 08:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010-01-27 16:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009-10-27 06:37:14 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009-07-14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007-06-11 09:59:34 | 012,481,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV:64bit: - [2007-01-29 15:40:58 | 000,456,192 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-06-11 09:58:42 | 012,178,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 A7 D5 6E 18 CA CB 01 [binary data]
IE - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Q-Face agent] C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe (MSI)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000..\Run: [Clam Sentinel] C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe (Andrea Russo - Italy)
O4 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000..\Run: [ClamWin] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (alch)
O4 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\MunKy\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O4 - Startup: C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-4233734158-2516205787-1407012267-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 192.168.123.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a1e5dc3-19d4-11e0-92d7-6c626d7bfc5c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a1e5dc3-19d4-11e0-92d7-6c626d7bfc5c}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-02-18 02:22:08 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\100MSDCF
[2011-02-16 08:52:43 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\New folder
[2011-02-15 01:27:08 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\BRAINZ CD IMAGES
[2011-02-14 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\Craving Backup
[2011-02-13 02:32:12 | 000,000,000 | ---D | C] -- C:\Next Video Converter
[2011-02-12 23:04:05 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\Lucy music
[2011-02-11 18:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011-02-11 18:15:58 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Malwarebytes
[2011-02-11 18:15:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-02-11 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-02-11 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-02-11 18:15:48 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-02-11 18:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-02-10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MunKy\Desktop\TDSSKiller.exe
[2011-02-09 18:42:17 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\pitures from computer
[2011-02-09 18:37:57 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\music
[2011-02-09 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\films
[2011-02-09 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Desktop\cat's xmas prez
[2011-02-06 13:03:24 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Documents\CCbakup
[2011-02-06 13:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011-02-06 13:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-02-03 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\gtk-2.0
[2011-02-03 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\MunKy\.thumbnails
[2011-02-03 15:03:18 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Documents\gegl-0.0
[2011-02-03 15:03:18 | 000,000,000 | ---D | C] -- C:\Users\MunKy\.gimp-2.6
[2011-02-03 15:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011-02-03 15:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011-02-03 10:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011-02-03 10:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011-02-03 02:44:16 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Apple Computer
[2011-02-03 02:44:07 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Apple Computer
[2011-02-03 02:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-02-03 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011-02-03 02:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-02-03 02:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011-02-03 02:42:19 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Apple
[2011-02-03 02:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011-02-03 02:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-02-03 02:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Next Video Converter
[2011-02-03 02:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Next Video Converter
[2011-02-03 02:06:56 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\AVS4YOU
[2011-02-03 02:06:38 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011-02-03 02:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011-02-03 02:06:16 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2011-02-03 02:06:15 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2011-02-03 02:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011-02-03 02:05:27 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2011-02-03 02:05:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011-02-03 02:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011-02-03 02:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011-02-03 01:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avic100
[2011-02-02 23:10:56 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\DivX
[2011-02-02 23:09:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices
[2011-02-02 23:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
[2011-02-02 23:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2011-02-02 21:50:38 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Publish Providers
[2011-02-02 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-02-02 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Sony
[2011-02-02 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Sony
[2011-01-31 21:45:10 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HQ Software Synthesizer
[2011-01-31 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HQ Software Synthesizer
[2011-01-31 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Edirol
[2011-01-31 19:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011-01-31 19:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2011-01-31 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011-01-31 19:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011-01-31 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2011-01-31 12:48:37 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Documents\BRAINZ CD IMAGES
[2011-01-28 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Gas Powered Games
[2011-01-28 22:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supreme Commander 2
[2011-01-28 22:49:59 | 000,000,000 | ---D | C] -- C:\game
[2011-01-27 00:23:31 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Ironclad Games
[2011-01-26 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Stardock
[2011-01-26 21:04:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C72D0C5-6D41-4646-A187-62A044E7F55E}
[2011-01-26 21:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011-01-26 21:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011-01-26 21:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2011-01-26 20:58:14 | 000,000,000 | -H-D | C] -- C:\Users\MunKy\AppData\Local\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489}
[2011-01-26 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Games
[2011-01-26 20:57:48 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\PackageAware
[2011-01-24 06:37:05 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Local\Microsoft Games
[2011-01-20 15:02:21 | 000,000,000 | ---D | C] -- C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011-01-20 15:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heretic, DOOM, DOOM II, HeXen, Strife
[2011-01-20 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\MunKy\Documents\Song Book
[2011-01-18 16:33:54 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

========== Files - Modified Within 30 Days ==========

[2011-02-18 10:37:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-18 10:37:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-18 10:35:29 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-02-18 10:35:29 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-02-18 10:35:29 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-02-18 10:30:08 | 000,019,712 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2011-02-18 10:30:08 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2011-02-18 10:30:05 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2011-02-18 10:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-18 10:29:41 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-17 19:41:02 | 439,268,247 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-02-13 02:55:36 | 000,023,552 | ---- | M] () -- C:\Users\MunKy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-12 12:34:12 | 000,001,923 | ---- | M] () -- C:\Users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011-02-12 01:34:13 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MunKy\Desktop\TDSSKiller.exe
[2011-02-11 15:04:02 | 034,242,652 | ---- | M] () -- C:\Users\MunKy\Desktop\Shallow.wav
[2011-02-11 00:25:17 | 023,992,476 | ---- | M] () -- C:\Users\MunKy\Desktop\ShlimBag (1).avi
[2011-02-11 00:22:42 | 1090,311,680 | ---- | M] () -- C:\Users\MunKy\Desktop\ShlimBag.avi
[2011-02-11 00:19:26 | 000,001,584 | ---- | M] () -- C:\Users\MunKy\Documents\Default.sfvidcap
[2011-02-11 00:13:13 | 000,192,760 | ---- | M] () -- C:\Users\MunKy\Documents\(Unknown) - Clip 001.avi.sfk
[2011-02-11 00:12:47 | 753,254,400 | ---- | M] () -- C:\Users\MunKy\Documents\(Unknown) - Clip 001.avi
[2011-02-10 23:37:25 | 030,105,860 | ---- | M] () -- C:\Users\MunKy\Desktop\Skrew what_.wav
[2011-02-10 19:40:01 | 015,832,564 | ---- | M] () -- C:\Users\MunKy\Desktop\Shlim Brainz.avi
[2011-02-10 17:07:10 | 1090,185,216 | ---- | M] () -- C:\Users\MunKy\Desktop\SlimVid.avi
[2011-02-10 12:46:09 | 000,387,568 | ---- | M] () -- C:\Users\MunKy\Documents\Shallow Words.avi.sfk
[2011-02-10 12:39:08 | 1500,646,912 | ---- | M] () -- C:\Users\MunKy\Documents\Shallow Words.avi
[2011-02-10 11:33:50 | 1049,309,184 | ---- | M] () -- C:\Users\MunKy\Documents\Cracked Acoustics.avi
[2011-02-06 14:13:35 | 023,946,348 | ---- | M] () -- C:\Users\MunKy\Desktop\MountainDrainPipe.wav
[2011-02-06 03:22:26 | 616,904,704 | ---- | M] () -- C:\Users\MunKy\Desktop\Skrew.avi
[2011-02-05 22:47:35 | 000,002,171 | ---- | M] () -- C:\Users\MunKy\.recently-used.xbel
[2011-02-03 10:34:13 | 000,035,365 | ---- | M] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011-01-27 15:47:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011-02-13 02:44:14 | 000,023,552 | ---- | C] () -- C:\Users\MunKy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-11 15:03:38 | 034,242,652 | ---- | C] () -- C:\Users\MunKy\Desktop\Shallow.wav
[2011-02-11 00:24:09 | 023,992,476 | ---- | C] () -- C:\Users\MunKy\Desktop\ShlimBag (1).avi
[2011-02-11 00:20:45 | 1090,311,680 | ---- | C] () -- C:\Users\MunKy\Desktop\ShlimBag.avi
[2011-02-11 00:12:56 | 000,192,760 | ---- | C] () -- C:\Users\MunKy\Documents\(Unknown) - Clip 001.avi.sfk
[2011-02-11 00:10:27 | 753,254,400 | ---- | C] () -- C:\Users\MunKy\Documents\(Unknown) - Clip 001.avi
[2011-02-10 23:37:02 | 030,105,860 | ---- | C] () -- C:\Users\MunKy\Desktop\Skrew what_.wav
[2011-02-10 19:39:06 | 015,832,564 | ---- | C] () -- C:\Users\MunKy\Desktop\Shlim Brainz.avi
[2011-02-10 17:04:58 | 1090,185,216 | ---- | C] () -- C:\Users\MunKy\Desktop\SlimVid.avi
[2011-02-10 12:41:10 | 000,387,568 | ---- | C] () -- C:\Users\MunKy\Documents\Shallow Words.avi.sfk
[2011-02-10 12:34:26 | 1500,646,912 | ---- | C] () -- C:\Users\MunKy\Documents\Shallow Words.avi
[2011-02-10 11:30:37 | 1049,309,184 | ---- | C] () -- C:\Users\MunKy\Documents\Cracked Acoustics.avi
[2011-02-10 11:26:06 | 000,001,584 | ---- | C] () -- C:\Users\MunKy\Documents\Default.sfvidcap
[2011-02-06 18:56:07 | 439,268,247 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-02-06 14:13:11 | 023,946,348 | ---- | C] () -- C:\Users\MunKy\Desktop\MountainDrainPipe.wav
[2011-02-06 03:20:55 | 616,904,704 | ---- | C] () -- C:\Users\MunKy\Desktop\Skrew.avi
[2011-02-05 22:47:35 | 000,002,171 | ---- | C] () -- C:\Users\MunKy\.recently-used.xbel
[2011-02-03 10:34:13 | 000,035,365 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011-02-03 10:14:24 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011-02-03 02:42:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-01-27 15:47:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011-01-18 16:33:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011-01-18 16:33:55 | 012,178,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011-01-18 16:33:55 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011-01-18 14:58:55 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
[2011-01-06 20:30:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SaffireUninstall.dll
[2011-01-06 20:04:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011-01-06 20:03:29 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2011-01-06 19:55:07 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2010-10-14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-09-08 09:46:42 | 004,497,993 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010-09-08 09:46:42 | 001,529,856 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010-09-08 09:46:42 | 001,212,665 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010-09-08 09:46:42 | 000,903,723 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010-09-08 09:46:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-09-08 09:46:42 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010-09-08 09:46:42 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010-09-08 09:46:42 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010-09-08 09:46:42 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010-09-08 09:46:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010-09-08 09:46:42 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010-09-08 09:46:42 | 000,142,291 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010-09-08 09:46:42 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010-09-08 09:46:42 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010-09-08 09:46:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010-09-08 08:45:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010-09-08 08:09:46 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-08-14 08:45:18 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2010-08-14 08:43:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2010-08-14 08:43:42 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2010-08-14 08:43:34 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2010-08-14 08:43:22 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2010-08-14 08:42:48 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2010-08-14 08:42:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2010-08-14 08:41:54 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2010-08-14 08:40:02 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2010-08-14 08:39:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009-09-30 01:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009-09-29 09:18:02 | 000,050,360 | ---- | C] () -- C:\Windows\php.ini
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-01-10 22:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008-11-06 15:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008-04-23 01:42:12 | 000,376,832 | ---- | C] () -- C:\Windows\SysWow64\QFaceFilter.dll
[2008-03-20 23:56:56 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\QFaceSound.dll
[2007-10-13 09:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

OTL Extras logfile created on: 18-Feb-11 11:15:37 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\MunKy\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 75.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 219.79 Gb Free Space | 36.87% Space Free | Partition Type: NTFS

Computer Name: MUNKY-PC | User Name: MunKy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4233734158-2516205787-1407012267-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\MunKy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"CCleaner" = CCleaner
"Saffire PRO 40_is1" = Saffire MixControl 2.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1" = Clam Sentinel 1.15
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 3.56
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{558C02DD-1EC8-4835-889C-B13EE02FBE36}" = Chicken Shake Game
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB20 PC Camera-268
"{75B2E11A-BAB8-4AC3-8CE3-56C0C2027DCA}" = Star Mission Game
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B079C58-860B-4715-BDEC-5FBAAB1719AF}" = Browser Configuration Utility
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C0EAE1CA-EBF0-4A55-BEA9-EA79FAF40889}" = MAGIX Video easy SE
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D7171331-0DE2-4D8C-BB8A-97CB229AF24D}" = mufin player 1.5
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E30037F1-29B8-4A98-B673-C47C27641793}" = MSI Q-Face
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.5
"ControlCenter_is1" = ControlCenter
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Edirol HQ Orchestral v1.01" = Edirol HQ Orchestral v1.01
"ESET Online Scanner" = ESET Online Scanner v3
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"i-Charger_is1" = i-Charger
"Impulse" = Impulse
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Liveupdate4_is1" = Liveupdate4
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MAGIX Photo Manager 9 US" = MAGIX Photo Manager 9
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_mufin_player_1_5" = mufin player 1.5
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mv61xxMRU" = Marvell MRU V4
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Supreme Commander 2_is1" = Supreme Commander 2 1.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.7.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4233734158-2516205787-1407012267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:26 PM

Posted 19 February 2011 - 05:17 AM

Hello, and sorry for the delay.

First of all, I'd like some more details about the problem you are having. I have read through your previous topics, but that doesn't help much.
When do you get those BSODs? Have you tried booting in Safe Mode and do they occur there too?

Let's also scan for malware.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 AnaLoGMunKy

AnaLoGMunKy
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Location:Edinburgh
  • Local time:02:26 PM

Posted 19 February 2011 - 02:51 PM

BSODs occurred from the time I first installed my computer, and I have re-installed since to make sure it wasn't a bad install (although there is still a chance of this). It still happens in safe mode and is random. I can walk out of the room while my computer is idle and come back in to find it's been restarted. About half the time, when restarted from a BSOD, the computer advises that a startup program is not working and had to be stopped. Also, when the comp is restarted after a BSOD the likelihood of another BSOD increases until a full power off and reboot. I can have a week between BSODs or it can happen several times a day.

Here is the ComboFix Log you requested.
ComboFix 11-02-19.01 - MunKy 19-Feb-11 19:34:29.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4644 [GMT 0:00]
Running from: c:\users\MunKy\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\~27EF.tmp

.
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-19 19:37 . 2011-02-19 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 13:50 . 2011-02-02 17:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC8533F-9208-47A9-8B94-5F8A4B83388E}\mpengine.dll
2011-02-13 02:32 . 2011-02-13 02:32 -------- d-----w- C:\Next Video Converter
2011-02-11 18:22 . 2011-02-11 18:22 -------- d-----w- c:\program files (x86)\ESET
2011-02-11 18:15 . 2011-02-11 18:15 -------- d-----w- c:\users\MunKy\AppData\Roaming\Malwarebytes
2011-02-11 18:15 . 2011-02-11 18:15 -------- d-----w- c:\programdata\Malwarebytes
2011-02-11 18:15 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 18:15 . 2011-02-11 18:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-11 18:15 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 13:00 . 2011-02-06 13:00 -------- d-----w- c:\program files\CCleaner
2011-02-03 15:45 . 2011-02-05 22:47 -------- d-----w- c:\users\MunKy\AppData\Roaming\gtk-2.0
2011-02-03 15:45 . 2011-02-03 15:45 -------- d-----w- c:\users\MunKy\.thumbnails
2011-02-03 15:03 . 2011-02-05 23:20 -------- d-----w- c:\users\MunKy\.gimp-2.6
2011-02-03 15:03 . 2011-02-03 15:03 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-02-03 10:34 . 2011-02-03 10:34 35365 ----a-w- c:\windows\SysWow64\uninstHelixYUV.exe
2011-02-03 10:14 . 2011-02-03 10:14 -------- d-----w- c:\program files (x86)\Xvid
2011-02-03 10:14 . 2009-06-07 16:25 77824 ----a-w- c:\windows\SysWow64\xvid.ax
2011-02-03 02:44 . 2011-02-03 02:44 -------- d-----w- c:\users\MunKy\AppData\Local\Apple Computer
2011-02-03 02:44 . 2011-02-03 02:44 -------- d-----w- c:\users\MunKy\AppData\Roaming\Apple Computer
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-03 02:43 . 2011-02-03 02:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-03 02:43 . 2011-02-03 02:43 -------- d-----w- c:\program files (x86)\QuickTime
2011-02-03 02:43 . 2011-02-03 02:43 -------- d-----w- c:\programdata\Apple Computer
2011-02-03 02:42 . 2011-02-03 02:42 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-02-03 02:42 . 2011-02-03 02:42 -------- d-----w- c:\users\MunKy\AppData\Local\Apple
2011-02-03 02:42 . 2011-02-03 02:42 -------- d-----w- c:\programdata\Apple
2011-02-03 02:42 . 2011-02-03 02:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-02-03 02:13 . 2011-02-13 02:32 -------- d-----w- c:\program files (x86)\Next Video Converter
2011-02-03 02:06 . 2011-02-03 02:06 -------- d-----w- c:\users\MunKy\AppData\Roaming\AVS4YOU
2011-02-03 02:06 . 2010-12-13 14:37 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-02-03 02:06 . 2010-12-13 14:37 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-02-03 02:06 . 2011-02-03 02:06 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-02-03 02:05 . 2011-02-03 02:06 -------- d-----w- c:\programdata\AVS4YOU
2011-02-03 02:05 . 2011-02-03 02:06 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-02-03 02:05 . 2010-09-14 17:38 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-02-03 02:05 . 2010-09-14 17:38 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-02-03 01:54 . 2011-02-03 01:54 -------- d-----w- c:\program files (x86)\avic100
2011-02-02 23:10 . 2011-02-02 23:10 -------- d-----w- c:\users\MunKy\AppData\Roaming\DivX
2011-02-02 23:09 . 2011-02-02 23:09 -------- d-----w- c:\windows\SysWow64\custom matrices
2011-02-02 23:09 . 2011-02-02 23:09 -------- d-----w- c:\windows\SysWow64\C2MP
2011-02-02 21:50 . 2011-02-02 22:52 -------- d-----w- c:\users\MunKy\AppData\Roaming\Publish Providers
2011-02-02 21:50 . 2011-02-02 22:50 -------- d-----w- c:\users\MunKy\AppData\Roaming\Sony
2011-02-02 21:50 . 2011-02-02 21:50 -------- d-----w- c:\users\MunKy\AppData\Local\Sony
2011-01-31 21:44 . 2011-01-31 21:44 -------- d-----w- c:\program files (x86)\Edirol
2011-01-31 19:55 . 2011-01-31 21:45 -------- d-----w- c:\program files (x86)\Vstplugins
2011-01-31 19:55 . 2011-01-31 19:55 -------- d-----w- c:\programdata\Sony
2011-01-31 19:55 . 2011-01-31 19:55 -------- d-----w- c:\program files (x86)\Sony
2011-01-31 19:47 . 2011-01-31 19:47 -------- d-----w- c:\program files (x86)\Sony Setup
2011-01-28 23:06 . 2011-01-28 23:06 -------- d-----w- c:\users\MunKy\AppData\Local\Gas Powered Games
2011-01-28 22:49 . 2011-02-19 00:27 -------- d-----w- C:\game
2011-01-27 00:23 . 2011-01-27 00:23 -------- d-----w- c:\users\MunKy\AppData\Local\Ironclad Games
2011-01-26 21:04 . 2011-01-26 21:04 -------- d-----w- c:\users\MunKy\AppData\Roaming\Stardock
2011-01-26 21:04 . 2011-01-26 21:04 -------- dc-h--w- c:\programdata\{6C72D0C5-6D41-4646-A187-62A044E7F55E}
2011-01-26 21:04 . 2011-01-26 21:04 -------- d-----w- c:\programdata\Stardock
2011-01-26 21:04 . 2011-01-26 21:04 -------- d-----w- c:\program files (x86)\Stardock
2011-01-26 20:58 . 2011-01-26 20:58 -------- dc-h--w- c:\users\MunKy\AppData\Local\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489}
2011-01-26 20:58 . 2011-01-26 20:58 -------- d-----w- c:\program files (x86)\Stardock Games
2011-01-26 20:57 . 2011-01-26 20:57 -------- d-----w- c:\users\MunKy\AppData\Local\PackageAware
2011-01-24 06:37 . 2011-02-18 14:36 -------- d-----w- c:\users\MunKy\AppData\Local\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2011-01-06 19:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 22:29 . 2009-08-18 12:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-07 22:29 . 2009-08-18 11:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:57 . 2010-11-26 02:57 648704 ----a-w- c:\windows\system32\aticfx64.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:40 . 2010-11-26 02:40 4794368 ----a-w- c:\windows\system32\atidxx64.dll
2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:16 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]
"Clam Sentinel"="c:\program files (x86)\ClamSentinel\ClamSentinel.exe" [2010-12-04 649728]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-01-07 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Q-Face agent"="c:\program files (x86)\MSI\MSI Q-Face\webtest.exe" [2008-12-16 20792]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2010-04-12 731176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\users\MunKy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HP SimpleSave Monitor.lnk - c:\users\MunKy\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [2011-1-6 481176]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-1-18 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-05-10 28984]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-05-10 14960]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-03-17 302632]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 BackupService;BackupService;c:\users\MunKy\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-04-12 235560]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-05-21 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 456192]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2010-06-11 211936]
S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2010-06-11 38880]
S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2010-06-11 43232]

.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-TaskTray - (no file)
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ClamWin\bin\clamscan.exe
.
**************************************************************************
.
Completion time: 2011-02-19 19:41:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-19 19:41

Pre-Run: 236,981,436,416 bytes free
Post-Run: 237,392,986,112 bytes free

- - End Of File - - 7A2A43B0E1A5C2174A66B2DB3AE6D7DC

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:26 PM

Posted 19 February 2011 - 02:54 PM

The BSOD's are not related to malware, most likely there is a hardware problem or a compatibility problem.

Can you press Windows key + R, type eventvwr.msc and press enter and look in the Event Viewer under both System and Application for Errors around the time the BSOD's occur? If you find any, let me know what the error(s) are.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 AnaLoGMunKy (Topic Starter)

Posted 19 February 2011 - 03:23 PM

I had looked in the event viewer before but sadly I am not at the level of knowledge to decipher these hieroglyphics :wacko:

Here is a recent bugcheck from a reboot on the 17th (the last BSOD)

The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffffa800547e710, 0xfffffa800547e710, 0xfffffa800447e710). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021711-17175-01.

And here is one from the 12th of Feb just past.

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000028c19, 0x0000000000000000, 0x000000000007dc19). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021211-20529-01.

What kind of events would be useful? Is there a way I can save them in a log that will be useful to you?
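As an added example that is not from anyone in this thread: a PowerShell snippet that collects the "rebooted from a bugcheck" events quoted above (System log, Event ID 1001), decodes the stop code, and exports the list to a CSV that can be attached to a reply. The output path and the small stop-code lookup table are assumptions.

```powershell
# Added example, not from this thread: gather the "rebooted from a bugcheck"
# events (System log, Event ID 1001), decode the stop code, and export them
# to a CSV that can be attached to a reply.
# Run from an elevated PowerShell prompt. The output path is an assumed placeholder.
$OutFile = Join-Path $env:USERPROFILE 'Desktop\bugchecks.csv'

# Small lookup of stop codes that usually point at memory trouble (assumed subset);
# 0x19 and 0x4E are the two codes quoted in this thread.
$KnownCodes = @{
    '0x00000019' = 'BAD_POOL_HEADER'
    '0x0000001a' = 'MEMORY_MANAGEMENT'
    '0x0000004e' = 'PFN_LIST_CORRUPT'
    '0x00000050' = 'PAGE_FAULT_IN_NONPAGED_AREA'
}

function ConvertFrom-BugcheckMessage {
    # Parses "The bugcheck was: 0x00000019 (p1, p2, p3, p4). ... Report Id: 021711-17175-01."
    param([string]$Message, [datetime]$Time)
    $pattern = '(?s)bugcheck was: (0x[0-9A-Fa-f]{8}) \(([^)]*)\).*?Report Id: ([^.\s]+)'
    if ($Message -match $pattern) {
        $code = $Matches[1].ToLower()
        [pscustomobject]@{
            Time       = $Time
            StopCode   = $code
            Name       = if ($KnownCodes.ContainsKey($code)) { $KnownCodes[$code] } else { 'see bugcheck reference' }
            Parameters = $Matches[2]
            ReportId   = $Matches[3]
        }
    }
}

# Event ID 1001 is also used by other sources, so keep only the bugcheck messages.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*rebooted from a bugcheck*' }

$rows = foreach ($e in $events) { ConvertFrom-BugcheckMessage -Message $e.Message -Time $e.TimeCreated }
$rows | Sort-Object Time | Format-Table Time, StopCode, Name, ReportId -AutoSize
$rows | Export-Csv -Path $OutFile -NoTypeInformation
Write-Host "Wrote $(@($rows).Count) bugcheck event(s) to $OutFile"
```

If the script finds no events even though the machine has blue-screened, check that crash dumps are enabled under Control Panel > System > Advanced system settings > Startup and Recovery.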

#8 Elise

Posted 19 February 2011 - 03:36 PM

Both errors point to a possible memory problem. I recommend you run Memtest to check out your RAM.

regards, Elise




#9 AnaLoGMunKy (Topic Starter)

Posted 19 February 2011 - 04:43 PM

Ok I will do this very soon. Shall I post the results up in this forum or in one of the previous threads?

#10 Elise

Posted 19 February 2011 - 04:49 PM

For now let's keep it here, to avoid any confusion. :)

regards, Elise




#11 AnaLoGMunKy (Topic Starter)

Posted 20 February 2011 - 09:45 AM

I did a quick memory check on startup and it came up fine. I will do a test overnight to see if a more thorough examination will reveal anything.

#12 Elise

Posted 20 February 2011 - 10:14 AM

Okay, please keep me posted.

regards, Elise




#13 AnaLoGMunKy (Topic Starter)

Posted 21 February 2011 - 11:24 AM

I tried the 90 minute test and that came up with no errors. How would I set it to non-stop testing so I can leave it overnight? Can't seem to work it out :crazy: even after looking at the Memtest86+ website. (As a side note, does this program work with 64-bit systems?)

I know enough to go poking around inside my machine. I think I will have to start taking bits out (I can feel your foreheads wrinkle in worry :o) until I get to the bottom of this barrel and see what components BSOD.

A couple of things to note. When I install my FireWire Focusrite Saffire soundcard drivers or install the drivers for my Epson SX215, I get an increased frequency of BSODs.

Focusrite (the company that makes the Saffire soundcard) advises that in the most recent update, which is v2.2, they have sorted some BSOD issues but also advises to use the old Legacy FireWire drivers as well. It did indeed result in fewer BSODs but I can't be sure that the new drivers have ultimately worked. I feel almost compelled to take it back and get the USB 2.0 version :blink: ...

The Epson drivers deffo result in more problems regardless of how I install them (i.e. using Windows XP or Vista compatibility and installing as admin).

I feel I need to get to the bottom of this, as if it really is hardware that's faulty then I need to send it back to Overclockers UK and get a replacement (or go to the manufacturer).

I hope some of this helps and all the help so far has been good :clapping:


Also anything you need me to do just ask, I am an open book and willing to learn :wink:

Edited by AnaLoGMunKy, 21 February 2011 - 11:26 AM.


#14 Elise

Posted 21 February 2011 - 11:44 AM

Is your system overclocked? If so, this also might cause the issue.

To be sure, let's also do a disk check.

Press Windows key + R, type chkdsk /r and press enter.
Type Y and press enter to schedule the disk check for next reboot.
Restart your computer and allow the disk check to run unhindered. Note, this may take some time.

regards, Elise




#15 AnaLoGMunKy (Topic Starter)

Posted 21 February 2011 - 11:59 AM

Will schedule a disk check a bit later.

I think the system automatically overclocks as it's an i7, but I don't think this is the same as a manual overclock, i.e. it does it within safe parameters and is under warranty for such things, although you could well be right, this may still mess things up. Here is a blurb from Tom's Hardware...

if you are using a Core i7 with 4 cores, and the game you are using uses only a single core, the other three cores will turn off, reducing the heat produced by your processor, allowing the only running core to be automatically overclocked for higher performance.


Maybe I could turn this feature off and if I can perhaps this might help get to the bottom of things.

My friend told me just now he went into the BIOS earlier and turned off the onboard soundcard and the USB 3. I have previously disabled the onboard soundcard in Windows before but it made no difference; perhaps being disabled in the BIOS might yield better results. Will just have to wait and see if this also helps. Is there anything I can do to stress test and force a situation where it tries to use all the memory, to see if I can recreate the memory errors?



