Damn Limewire gave me a virus!


  • This topic is locked
17 replies to this topic

#1 Chillie

Posted 14 April 2011 - 12:05 PM

I'm broke now thanks to myself for buying this new rig and I wanted only 2 songs. I downloaded Limewire and was bombarded with a number of adware/spyware warnings from my Kaspersky Internet Security 2011. Now Kaspersky freezes up every time while trying to scan my PC. I used Malwarebytes and nothing shows up. How can I fix this? Thanks..

Here are my results.


Mod Edit Merged posts

Today I uninstalled my old hard drive and installed a brand new WD Caviar Black 1TB. Yet my problem still persists. When my Kaspersky Full Scan comes to a certain Limewire folder it freezes up. It only gets to 2% scanned when this happens. I know this virus/etc. has got something to do with this since I installed it a couple days ago and Kaspersky went nuts screaming at me about viruses and the like. Here are brand new scans since I've installed the new hard drive. Please help me guys, this is a BRAND NEW RIG. Thanks...

Edited by boopme, 16 April 2011 - 08:00 PM.


#2 Elise

Posted 23 April 2011 - 03:38 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Chillie

Posted 24 April 2011 - 01:58 AM

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Kyle at 1:39:35.31 on Sun 04/24/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6323 [GMT -5:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
E:\Programs\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
E:\Programs\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
E:\Programs\BitDefender 2010\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Programs\RealTemp_360\RealTemp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kyle\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - No File
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - "E:\Programs\BitDefender 2010\Antispam32\IEToolbar.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "E:\Programs\BitDefender 2010\IEToolbar.dll"
mRun-x64: [BitDefender Antiphishing Helper 32] "E:\Programs\BitDefender 2010\Antispam32\IEShow.exe"
mRun-x64: [BitDefender Antiphishing Helper] "E:\Programs\BitDefender 2010\IEShow.exe"
mRun-x64: [BDAgent] "E:\Programs\BitDefender 2010\bdagent.exe"
IE-X64: {7815BE26-237D-41A8-A98F-F7BD75F71086}
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Windows\System32\drivers\BdfNdisf6.sys [2009-6-26 88144]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2009-6-26 89680]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-4-11 586880]
R2 BDVEDISK;BDVEDISK;E:\Programs\BitDefender 2010\bdvedisk.sys [2009-4-1 103944]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-4-11 133800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2009-6-29 163936]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2011-4-11 313520]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2011-4-11 28928]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-11 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-4-11 155752]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-4-11 13312]
R3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Programs\RealTemp_360\WinRing0x64.sys [2011-4-19 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-4-11 21992]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-4-16 278224]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-19 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-16 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-11 1255736]
.
=============== Created Last 30 ================
.
2011-04-24 03:13:29 -------- d-----w- C:\PROGRA~3\Cisco Systems
2011-04-23 20:45:03 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-04-19 15:59:14 -------- d-----w- C:\PROGRA~3\Creative Labs
2011-04-19 15:48:29 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-04-19 14:55:54 -------- d-----w- C:\Program Files\CPUID
2011-04-19 14:55:48 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-04-19 14:03:38 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-04-19 14:03:17 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2011-04-19 14:02:58 -------- d-----w- C:\Program Files (x86)\Futuremark
2011-04-17 04:32:30 -------- d-----w- C:\Program Files\Ventrilo
2011-04-17 04:32:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-04-17 00:18:14 -------- d-----w- C:\Windows\System32\SPReview
2011-04-17 00:18:05 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-17 00:16:58 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-17 00:16:58 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-17 00:16:58 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-17 00:16:58 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-17 00:16:57 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-17 00:16:55 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-17 00:16:55 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-17 00:11:36 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-17 00:11:36 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-16 23:44:25 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-04-16 23:44:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-04-16 23:44:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-04-16 23:44:25 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-04-16 23:44:25 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-04-16 23:41:20 -------- d-----w- C:\Users\Kyle\AppData\Roaming\BitDefender
2011-04-16 23:41:17 -------- d-----w- C:\Program Files\Common Files\BitDefender
2011-04-16 23:41:17 -------- d-----w- C:\PROGRA~3\BitDefender
2011-04-16 23:40:00 -------- d-----w- C:\Program Files (x86)\Common Files\BitDefender
2011-04-16 01:27:19 -------- d-----w- C:\Users\Kyle\AppData\Local\Microsoft Games
2011-04-15 23:49:35 -------- d-----w- C:\Temp
2011-04-15 23:48:52 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb
2011-04-15 23:48:52 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2011-04-15 23:48:52 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2011-04-15 23:48:52 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2011-04-14 05:41:20 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-04-14 02:02:03 -------- d-----w- C:\Users\Kyle\AppData\Roaming\AVS4YOU
2011-04-14 02:01:28 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-04-14 02:01:04 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-04-14 02:01:03 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
2011-04-14 02:01:01 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-04-14 02:01:01 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-04-14 02:01:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-04-14 02:01:01 -------- d-----w- C:\PROGRA~3\AVS4YOU
2011-04-14 00:42:41 -------- d-----w- C:\PROGRA~3\29311
2011-04-14 00:04:37 -------- d-----w- C:\PROGRA~3\25229
2011-04-13 23:59:51 -------- d-----w- C:\Users\Kyle\AppData\Local\BearShare
2011-04-13 23:58:25 -------- d-----w- C:\Users\Kyle\AppData\Local\PackageAware
2011-04-12 03:44:20 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-04-12 03:44:20 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll
2011-04-12 03:44:20 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-04-12 03:44:20 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2011-04-12 03:44:20 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2011-04-12 02:09:45 -------- d-----w- C:\Windows\SysWow64\directx
2011-04-12 01:56:14 -------- d-----w- C:\Program Files (x86)\RIFT Game
2011-04-12 01:09:00 -------- d-----w- C:\Users\Kyle\AppData\Local\Google
2011-04-12 01:08:47 -------- d-----w- C:\Users\Kyle\AppData\Local\Deployment
2011-04-12 01:08:47 -------- d-----w- C:\Users\Kyle\AppData\Local\Apps
2011-04-12 00:49:48 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2011-04-12 00:02:58 -------- d-----w- C:\Users\Kyle\AppData\Local\ElevatedDiagnostics
2011-04-11 23:54:09 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2011-04-11 23:41:41 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Rift
2011-04-11 23:13:49 -------- d-----w- C:\Users\Kyle\AppData\Local\CrashDumps
2011-04-11 20:29:46 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Razer
2011-04-11 20:10:30 -------- d-----w- C:\Users\Kyle\AppData\Local\NeoSmart_Technologies
2011-04-11 20:10:17 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2011-04-11 19:56:22 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2011-04-11 19:56:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-11 19:56:18 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-11 19:56:14 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-11 19:52:56 93696 ----a-w- C:\Windows\System32\Lycosa.cpl
2011-04-11 19:52:55 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2011-04-11 19:52:55 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2011-04-11 19:52:55 28928 ----a-w- C:\Windows\System32\drivers\Lycosa.sys
2011-04-11 19:52:55 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys
2011-04-11 19:49:33 -------- d-----w- C:\Program Files\CCleaner
2011-04-11 19:48:07 -------- d-----w- C:\Users\Kyle\AppData\Roaming\NVIDIA
2011-04-11 19:31:48 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-04-11 19:31:48 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-04-11 19:25:15 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-04-11 17:16:11 -------- d-----w- C:\Users\Kyle\AppData\Local\Yahoo
2011-04-11 08:32:51 -------- d-----w- C:\Windows\Panther
2011-04-11 07:29:54 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-11 07:29:54 -------- d-----w- C:\Windows\System32\Wat
2011-04-11 07:28:39 1032144 ----a-w- C:\Windows\PE_Rom.dll
2011-04-11 07:03:55 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-11 07:03:55 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-11 06:50:49 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{76982275-AD54-4760-8F05-8F149F32215D}\mpengine.dll
2011-04-11 06:50:49 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-04-11 06:36:57 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-04-11 06:31:15 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-04-11 06:31:00 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2011-04-11 06:30:59 53248 ------w- C:\Windows\Ctregrun.exe
2011-04-11 06:27:50 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2011-04-11 06:27:50 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2011-04-11 06:27:50 190976 ----a-w- C:\Windows\System32\APOMgr64.DLL
2011-04-11 06:27:50 148480 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2011-04-11 06:27:46 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-04-11 06:27:46 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-04-11 06:27:46 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-04-11 06:27:46 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-04-11 06:27:45 2873820 ------w- C:\Windows\SysWow64\Sens_oal.dll
2011-04-11 06:27:45 1908736 ------w- C:\Windows\System32\Sens_oal.dll
2011-04-11 06:26:46 -------- d-----w- C:\Program Files (x86)\Creative
2011-04-11 06:25:10 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-11 06:25:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-11 06:25:10 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-11 06:25:10 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-11 06:25:08 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-11 06:25:08 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-11 06:25:08 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-11 06:19:52 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2011-04-11 06:19:51 -------- d-----w- C:\NVIDIA
2011-04-11 06:18:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-04-11 06:18:50 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-11 06:18:48 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-04-11 06:15:15 -------- d-----w- C:\PROGRA~3\ASUS OC Profiles
2011-04-11 06:14:18 -------- d-----w- C:\Windows\AsusInstAll
2011-04-11 06:13:59 94208 ------w- C:\Windows\SysWow64\IccLibDll.dll
2011-04-11 06:12:41 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2011-04-11 06:12:34 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-04-11 06:12:34 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-04-11 06:12:34 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-04-11 06:12:34 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-04-11 06:12:21 -------- d-----w- C:\PROGRA~3\ASUS
2011-04-11 06:12:14 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-04-11 06:12:14 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-04-11 06:12:14 -------- d-----w- C:\Program Files (x86)\ASUS
2011-04-11 06:12:09 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-04-11 06:09:06 -------- d-----w- C:\Users\Kyle\AppData\Local\BMExplorer
2011-04-11 06:05:25 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2011-04-11 06:05:03 315904 ----a-w- C:\Windows\SysWow64\Difxdf56.rra
2011-04-11 06:05:03 -------- d-----w- C:\RaidTool
2011-04-11 06:05:02 120920 ----a-w- C:\Windows\System32\drivers\jraid.sys
2011-04-11 06:03:51 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2011-04-11 06:03:51 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2011-04-11 06:03:51 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2011-04-11 06:03:49 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2011-04-11 06:03:10 -------- d-----w- C:\Program Files (x86)\Marvell
2011-04-11 06:02:56 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2011-04-11 06:02:44 -------- d-sh--w- C:\Windows\Installer
2011-04-11 06:02:38 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2011-04-11 06:02:36 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2011-04-11 06:02:17 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-04-11 06:02:12 -------- d-----w- C:\Intel
2011-03-29 07:30:14 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-03-29 07:30:12 84992 ----a-w- C:\Windows\System32\frapsv64.dll
.
==================== Find3M ====================
.
2011-04-17 01:15:59 102720 ----a-w- C:\Windows\System32\drivers\bdhv.sys
2011-04-17 01:14:12 163936 ----a-w- C:\Windows\System32\drivers\bdfm.sys
2011-04-17 01:08:56 347336 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2011-04-17 01:07:50 88144 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2011-04-17 00:19:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-17 00:19:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
.
============= FINISH: 1:39:49.08 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/11/2011 12:38:29 AM
System Uptime: 4/23/2011 10:41:10 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 8.789 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 897.914 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 4/21/2011 1:03:14 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
3DMark06
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AI Suite II
Ask Toolbar
AVS Update Manager 1.0
Creative ALchemy
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
EasyBCD 2.0
Futuremark SystemInfo
Intel® Management Engine Components
Intel® Watchdog Timer Driver (Intel® WDT)
JMicron JMB36X Driver
LightScribe System Software
Malwarebytes' Anti-Malware
marvell 91xx console driver
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Razer Lycosa
Renesas Electronics USB 3.0 Host Controller Driver
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Sound Blaster X-Fi Xtreme Audio
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Winamp
Winamp Detector Plug-in
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/23/2011 10:41:50 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
4/20/2011 6:02:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================


Well, what happened was about 2 weeks ago. I downloaded Limewire just for 2 measly songs and Kaspersky immediately started spamming me messages saying virus this, trojan that. So I freaked out, closed Limewire and deleted it. Then I did a virus check with all settings on high to find these viruses I supposedly got. That time and every time after while scanning Kaspersky would stop at the Limewire folder and freeze. I waited for a week and I figured no one here could find a problem on my PC. So I deleted my Kaspersky and am now using BitDefender. Ran scans with it and it found nothing nor did Malwarebytes.
So I have no clue what's goin on. Please let me know asap. Thank you.

#4 Elise

Posted 24 April 2011 - 07:03 AM

Hi again,
Besides this, how is your computer running?

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Chillie

Posted 24 April 2011 - 02:30 PM

ComboFix 11-04-23.02 - Kyle 04/24/2011 13:53:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6857 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Data
c:\windows\SysWow64\local.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 18:54 . 2011-04-24 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-24 03:13 . 2011-04-24 03:13 -------- d-----w- c:\programdata\Cisco Systems
2011-04-23 20:45 . 2011-04-23 20:45 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-23 20:45 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-04-19 15:59 . 2011-04-19 15:59 -------- d-----w- c:\programdata\Creative Labs
2011-04-19 15:48 . 2011-04-19 15:48 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-04-19 14:55 . 2011-04-19 14:55 -------- d-----w- c:\program files\CPUID
2011-04-19 14:03 . 2011-04-19 14:03 -------- d-----w- c:\program files (x86)\OpenAL
2011-04-19 14:03 . 2011-04-19 14:03 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2011-04-19 14:02 . 2011-04-19 14:02 -------- d-----w- c:\program files (x86)\Futuremark
2011-04-17 19:57 . 2011-04-17 19:57 -------- d-----w- c:\program files (x86)\Winamp
2011-04-17 04:32 . 2011-04-17 04:32 -------- d-----w- c:\program files\Ventrilo
2011-04-17 04:32 . 2011-04-17 04:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-04-17 00:18 . 2011-04-17 00:18 -------- d-----w- c:\windows\system32\SPReview
2011-04-17 00:18 . 2011-04-17 00:18 -------- d-----w- c:\windows\system32\EventProviders
2011-04-17 00:16 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-17 00:16 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-17 00:16 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-17 00:16 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-17 00:16 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-17 00:16 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-17 00:16 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-17 00:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-17 00:11 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-16 23:44 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-04-16 23:44 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-04-16 23:44 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-04-16 23:44 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-04-16 23:44 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-04-16 23:41 . 2011-04-16 23:42 -------- d-----w- c:\programdata\BitDefender
2011-04-16 23:41 . 2011-04-16 23:41 -------- d-----w- c:\program files\Common Files\BitDefender
2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files (x86)\Common Files\BitDefender
2011-04-15 23:52 . 2011-04-15 23:52 -------- d-----w- c:\users\Public\CyberLink
2011-04-15 23:49 . 2011-04-15 23:50 -------- d-----w- C:\Temp
2011-04-15 23:48 . 2001-08-30 02:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2011-04-15 23:48 . 1998-07-22 05:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2011-04-15 23:48 . 1998-07-22 05:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2011-04-15 23:48 . 1998-06-24 05:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2011-04-15 23:43 . 2011-04-15 23:43 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-04-15 23:40 . 2011-04-16 01:07 -------- d-----w- c:\program files (x86)\CyberLink
2011-04-15 23:40 . 2011-04-15 23:53 -------- d-----w- c:\programdata\CyberLink
2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-04-14 07:47 . 2011-04-14 07:47 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-04-14 05:41 . 2011-04-14 05:41 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-04-14 02:01 . 2011-04-14 04:32 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-04-14 02:01 . 2010-12-02 15:11 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-04-14 02:01 . 2010-12-02 15:11 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-04-14 02:01 . 2011-04-14 02:02 -------- d-----w- c:\programdata\AVS4YOU
2011-04-14 02:01 . 2011-04-14 02:01 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-04-14 02:01 . 2010-12-02 15:12 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-04-14 02:01 . 2010-12-02 15:12 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-04-14 00:42 . 2011-04-14 00:42 -------- d-----w- c:\programdata\29311
2011-04-14 00:15 . 2011-04-14 00:15 -------- d-----w- c:\windows\system32\Macromed
2011-04-14 00:04 . 2011-04-14 00:04 -------- d-----w- c:\programdata\25229
2011-04-12 03:44 . 2011-02-23 13:28 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-04-12 03:44 . 2011-02-23 13:28 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-04-12 03:44 . 2010-12-02 09:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2011-04-12 03:44 . 2010-11-11 23:10 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-04-12 03:44 . 2010-11-11 23:10 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-04-12 01:56 . 2011-04-24 09:08 -------- d-----w- c:\program files (x86)\RIFT Game
2011-04-12 00:49 . 2011-04-12 00:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-04-11 23:54 . 2010-11-09 20:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2011-04-11 20:10 . 2011-04-11 20:10 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
2011-04-11 19:56 . 2011-04-11 19:56 -------- d-----w- c:\programdata\Malwarebytes
2011-04-11 19:56 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-11 19:56 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 19:53 . 2011-04-11 19:53 -------- d-----w- c:\programdata\Razer
2011-04-11 19:52 . 2007-09-27 23:07 93696 ----a-w- c:\windows\system32\Lycosa.cpl
2011-04-11 19:52 . 2010-10-01 05:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-04-11 19:52 . 2010-09-30 01:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-04-11 19:52 . 2010-09-08 16:01 28928 ----a-w- c:\windows\system32\drivers\Lycosa.sys
2011-04-11 19:52 . 2007-09-28 00:44 65536 ----a-w- c:\windows\SysWow64\Lycosa.cpl
2011-04-11 19:49 . 2011-04-11 19:49 -------- d-----w- c:\program files\CCleaner
2011-04-11 19:31 . 2010-01-11 00:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-04-11 19:31 . 2010-01-11 00:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2011-04-11 19:25 . 2011-04-16 01:01 -------- d-----w- c:\program files (x86)\Yahoo!
2011-04-11 17:14 . 2011-04-11 20:35 -------- d-----w- c:\programdata\Yahoo!
2011-04-11 08:32 . 2011-04-11 05:38 -------- d-----w- c:\windows\Panther
2011-04-11 07:53 . 2011-04-11 07:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-04-11 07:29 . 2011-04-11 07:29 -------- d-----w- c:\windows\SysWow64\Wat
2011-04-11 07:29 . 2011-04-11 07:29 -------- d-----w- c:\windows\system32\Wat
2011-04-11 07:28 . 2011-04-11 07:28 1032144 ----a-w- c:\windows\PE_Rom.dll
2011-04-11 07:03 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-11 07:03 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-11 06:50 . 2011-03-23 15:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76982275-AD54-4760-8F05-8F149F32215D}\mpengine.dll
2011-04-11 06:50 . 2011-02-02 23:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-11 06:36 . 2011-04-11 06:36 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-11 06:31 . 2003-06-13 04:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2011-04-11 06:31 . 2000-05-22 21:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2011-04-11 06:30 . 2006-10-06 19:17 53248 ------w- c:\windows\Ctregrun.exe
2011-04-11 06:28 . 2011-04-19 15:57 -------- d-----w- c:\program files\Creative
2011-04-11 06:28 . 2011-04-19 16:20 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-04-11 06:28 . 2011-04-11 06:28 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-04-11 06:28 . 2011-04-19 15:59 -------- d-----w- c:\programdata\Creative
2011-04-11 06:28 . 2007-04-09 01:42 148480 ----a-w- c:\windows\SysWow64\OemSpiE.dll
2011-04-11 06:28 . 2007-04-09 01:40 14848 ----a-w- c:\windows\SysWow64\P17RunE.dll
2011-04-11 06:28 . 2007-04-05 02:40 1265152 ----a-w- c:\windows\system32\drivers\P17.sys
2011-04-11 06:28 . 2007-03-13 01:53 55296 ----a-w- c:\windows\system32\ctppld.dll
2011-04-11 06:28 . 2007-03-13 01:52 598528 ----a-w- c:\windows\system32\CTAPO64.dll
2011-04-11 06:28 . 2006-12-03 15:12 137216 ----a-w- c:\windows\system32\P17res.dll
2011-04-11 06:28 . 2011-04-11 06:28 -------- d-----w- c:\windows\system32\Data
2011-04-11 06:28 . 2005-06-15 03:07 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
2011-04-11 06:27 . 2009-03-26 19:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-04-11 06:27 . 2009-03-26 19:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-04-11 06:27 . 2009-02-06 23:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-04-11 06:27 . 2009-02-06 23:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-04-11 06:27 . 2011-04-19 15:48 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-11 06:27 . 2011-04-19 15:48 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-04-11 06:27 . 2011-04-19 15:48 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-11 06:27 . 2011-04-19 15:48 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-04-11 06:27 . 2009-04-02 16:38 1908736 ------w- c:\windows\system32\Sens_oal.dll
2011-04-11 06:27 . 2009-04-02 16:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-04-11 06:26 . 2011-04-19 15:58 -------- d-----w- c:\program files (x86)\Creative
2011-04-11 06:19 . 2010-05-21 03:08 255592 ----a-w- c:\windows\system32\nvcohda6.dll
2011-04-11 06:19 . 2011-04-12 03:41 -------- d-----w- C:\NVIDIA
2011-04-11 06:19 . 2011-04-24 09:05 -------- d-----w- c:\programdata\NVIDIA
2011-04-11 06:18 . 2011-04-12 03:45 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-04-11 06:18 . 2011-04-11 06:18 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-04-11 06:18 . 2011-04-12 03:44 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-04-11 06:15 . 2011-04-11 06:15 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-04-11 06:14 . 2011-04-11 06:14 -------- d-----w- c:\windows\AsusInstAll
2011-04-11 06:13 . 2011-04-11 06:13 -------- d-----w- c:\windows\SysWow64\Macromed
2011-04-11 06:13 . 2010-09-19 19:52 94208 ------w- c:\windows\SysWow64\IccLibDll.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 01:15 . 2009-06-29 19:12 102720 ----a-w- c:\windows\system32\drivers\bdhv.sys
2011-04-17 01:14 . 2009-06-29 19:12 163936 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-04-17 01:08 . 2009-06-24 18:13 347336 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-04-17 01:07 . 2009-06-26 23:01 88144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2011-04-17 00:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-17 00:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 13:28 . 2011-02-23 13:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 13:28 . 2011-02-23 13:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 13:28 . 2011-02-23 13:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 13:28 . 2011-02-23 13:28 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 13:28 . 2011-02-23 13:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 13:28 . 2011-02-23 13:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 13:28 . 2011-02-23 13:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 13:28 . 2011-02-23 13:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 13:28 . 2011-02-23 13:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 13:28 . 2011-02-23 13:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
2011-02-23 13:28 . 2011-02-23 13:28 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 13:28 . 2011-02-23 13:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 13:28 . 2011-02-23 13:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 13:28 . 2011-02-23 13:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 13:28 . 2011-02-23 13:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 13:28 . 2011-02-23 13:28 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-02-23 13:28 . 2010-06-14 14:43 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-23 13:28 . 2010-06-14 14:43 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-02-23 13:28 . 2010-06-14 14:43 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"P17RunE"="P17RunE.dll" [2007-04-09 14848]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-04-17 278224]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 cpuz130;cpuz130;c:\users\Kyle\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-19 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-04-17 89680]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 BDVEDISK;BDVEDISK;e:\programs\BitDefender 2010\bdvedisk.sys [2011-04-17 103944]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - WinRing0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 18:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper 32"="e:\programs\BitDefender 2010\Antispam32\IEShow.exe" [2011-04-17 71152]
"BitDefender Antiphishing Helper"="e:\programs\BitDefender 2010\IEShow.exe" [2011-04-17 76296]
"BDAgent"="e:\programs\BitDefender 2010\bdagent.exe" [2011-04-17 1668776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-24 13:55:36
ComboFix-quarantined-files.txt 2011-04-24 18:55
.
Pre-Run: 8,811,655,168 bytes free
Post-Run: 9,343,102,976 bytes free
.
- - End Of File - - 190DED3BE9E1682E4FCA10FE3050E9DD


PC seems to be a bit slower, nothing very noticeable.

#6 Elise

Posted 24 April 2011 - 03:03 PM

That all looks good. Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


#7 Chillie

Posted 24 April 2011 - 04:19 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6435

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4/24/2011 3:37:36 PM
mbam-log-2011-04-24 (15-37-36).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 278471
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Chillie

Posted 24 April 2011 - 07:16 PM

Oh great... Now when I try to play a CD it tells me, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." What's that all about?

#9 Elise

Posted 25 April 2011 - 10:29 AM

Is this only when trying to play audio CDs? If so, what media player are you trying to use?

Can you access the content of a CD using My Computer?

regards, Elise


#10 Chillie

Posted 25 April 2011 - 01:22 PM

It happens when trying to click on the CD in the My Computer screen. I use Winamp for audio CDs.

Edited by Chillie, 25 April 2011 - 01:23 PM.


#11 Elise

Posted 25 April 2011 - 01:30 PM

Please try the steps here: http://support.microsoft.com/mats/cd_dvd_drive_problems/en-us

regards, Elise


#12 Chillie

Posted 25 April 2011 - 03:23 PM

Tried it, says "it doesn't apply to my computer".

#13 Elise

Posted 25 April 2011 - 03:27 PM

Sorry, try the steps here instead: http://support.microsoft.com/kb/982116

regards, Elise


#14 Chillie

Posted 25 April 2011 - 04:14 PM

Same message.

#15 Elise

Posted 25 April 2011 - 04:26 PM

I mean not the Fix-It solution, but the steps under that. You'll see specific steps for Windows 7.

regards, Elise




