sabkutil stopped Spybot



LBFF8882
2011-04-03, 17:03
Hello Spybot community,

I am new to the forums but not new to Spybot. I have used this wonderful tool for years with great success keeping my computer super clean.

Recently, I came across a fairly nasty bug: Sabkutil. After it blocked Spybot from running / updating, I did some searches online and saw references to 2006 or other years. I even downloaded the uninstaller for SuperAntiSpyware to make sure it wasn't an orphaned file.

I have tried several things to get rid of this bug. Neither Kaspersky nor MBAM can get rid of it, even in safe mode. Any help you can provide I would greatly appreciate.

Thank you again for your time. I will post the DDS file in a second post behind this one as requested by the forum sticky.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by C at 9:49:37.53 on Sun 04/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.797 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\C\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: QuickNet: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - QuickNet BHO
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
StartupFolder: C:\Users\C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-23 378984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-31 155752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-3-21 130976]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-03 14:11:02 -------- d-----w- C:\Users\C\AppData\Local\{B4E1ADDB-2C6A-4BC8-9650-D06C485C2987}
2011-04-02 03:43:30 -------- d-----w- C:\Users\C\AppData\Local\{EB808FAD-E006-4115-ADA8-292705989B5F}
2011-04-01 13:47:07 -------- d-----w- C:\Users\C\AppData\Local\{DF8239AE-C3A3-4F2B-A44A-96D8738C7EA1}
2011-04-01 13:46:38 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F43F1B90-82FC-414D-A674-CDC677D1F519}\mpengine.dll
2011-04-01 04:24:04 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-01 03:23:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-04-01 03:23:49 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-04-01 03:22:31 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-03-31 21:27:12 -------- d-----w- C:\Users\C\AppData\Local\{440AF234-055A-4515-8A58-C5244A20B349}
2011-03-31 02:54:33 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-03-31 00:37:15 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-31 00:37:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-30 15:56:35 9548 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-03-30 15:56:35 729600 ----a-w- C:\Windows\System32\cohelper.dll
2011-03-30 05:15:26 -------- d-----w- C:\Program Files (x86)\RIFT Game
2011-03-30 03:49:49 -------- d-----w- C:\Program Files (x86)\oZone3D
2011-03-29 03:27:37 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-03-29 03:16:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 03:08:37 98816 ----a-w- C:\Windows\sed.exe
2011-03-29 03:08:37 89088 ----a-w- C:\Windows\MBR.exe
2011-03-29 03:08:37 256512 ----a-w- C:\Windows\PEV.exe
2011-03-29 03:08:37 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-28 17:32:00 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2011-03-28 17:32:00 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2011-03-28 17:32:00 214528 ----a-w- C:\Windows\System32\APOMgr64.DLL
2011-03-28 17:32:00 166912 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2011-03-28 01:00:00 -------- d-----w- C:\Users\C\AppData\Local\IsolatedStorage
2011-03-28 00:59:59 -------- d-----w- C:\Users\C\AppData\Local\Futuremark_Corporation
2011-03-28 00:56:52 -------- d-----w- C:\Program Files\Futuremark
2011-03-27 21:53:45 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-03-27 21:53:44 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-03-27 21:53:44 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-03-27 21:53:44 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-03-27 21:53:44 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-03-27 21:53:41 -------- d-----w- C:\Users\C\AppData\Roaming\TuneUp Software
2011-03-27 21:52:40 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-03-27 21:48:01 -------- d-----w- C:\PROGRA~3\TuneUp Software
2011-03-27 05:08:04 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-03-27 02:13:43 -------- d-----w- C:\Program Files\EVGA
2011-03-26 03:11:24 11264 ----a-w- C:\Windows\SysWow64\INRES.DLL
2011-03-26 03:11:24 10752 ----a-w- C:\Windows\System32\INRES.DLL
2011-03-23 23:57:53 -------- d-----w- C:\Windows\System32\appmgmt
2011-03-23 14:44:57 -------- d-----w- C:\Users\C\AppData\Roaming\SuperAdBlocker.com
2011-03-23 14:44:49 -------- d-----w- C:\Windows\SysWow64\URTTemp
2011-03-23 14:44:48 -------- d--h--w- C:\Program Files (x86)\SuperAdBlocker.com
2011-03-22 02:31:16 -------- d-----w- C:\Users\C\AppData\Roaming\NVIDIA
2011-03-22 02:22:33 -------- d-----w- C:\PROGRA~3\Futuremark
2011-03-22 02:14:43 -------- d--h--w- C:\Program Files (x86)\Futuremark
2011-03-20 14:48:27 20480 ----a-w- C:\Windows\System32\drivers\usbicp.sys
2011-03-10 06:25:40 -------- d-----w- C:\Windows\Downloaded Installations
2011-03-09 13:34:16 -------- d--h--w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-03-09 03:44:20 -------- d-----w- C:\Windows\System32\SPReview
2011-03-09 03:43:27 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-09 03:43:27 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-09 03:38:17 1940480 ------w- C:\Windows\System32\Sens_oal.dll
2011-03-09 03:37:45 729088 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-09 03:37:45 69715 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-09 03:37:45 5632 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-09 03:37:45 266240 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-09 03:37:45 192512 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-09 03:37:45 188548 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-09 03:37:44 311428 ---ha-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-09 03:18:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-09 03:17:59 1009152 ----a-w- C:\Windows\System32\mcmde.dll
2011-03-09 03:16:59 81920 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-03-09 03:15:57 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-03-09 03:15:57 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-03-09 03:14:58 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-03-09 03:14:58 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-03-09 03:14:55 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-09 03:14:55 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-09 03:14:05 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-09 03:14:05 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-09 03:14:05 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-09 03:13:59 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-09 03:13:57 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-09 03:13:29 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-09 03:13:28 399872 ----a-w- C:\Windows\System32\dpx.dll
.
==================== Find3M ====================
.
2011-03-09 03:49:40 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-09 03:49:39 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-24 23:21:10 2753512 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-02-23 06:38:58 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-02-23 06:38:52 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-02-23 06:38:36 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-02-23 06:38:26 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-02-23 06:38:24 61032 ----a-w- C:\Windows\System32\nvshext.dll
2011-02-23 06:38:24 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-02-22 20:52:00 2075712 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-02-22 18:20:24 820224 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-02-22 16:16:26 2369128 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-02-21 16:42:50 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-18 15:49:40 2839656 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-02-17 19:03:54 648296 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-02-16 18:11:28 84072 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-02-11 19:39:00 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-02-09 20:56:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-21 12:36:02 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-01-21 12:36:02 413800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-01-21 12:36:02 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 9:50:38.53 ===============

Blade81
2011-04-06, 16:20
Hi

You probably missed the "Please do NOT run 'FIXES' (ComboFix etc) without being asked" (http://forums.spybot.info/showthread.php?t=16806) sticky. Please post existing c:\ComboFix.txt contents + fresh dds logs (including both dds.txt & attach.txt contents).

LBFF8882
2011-04-07, 14:31
ComboFix was run prior to posting on this forum. I can post the logs for an updated DDS and ComboFix. However, ComboFix did not find any rootkits when it was run on 03 28 2011. This led me to posting here on 04 03 2011.

I came here after Spybot was stopped, one to get help and to also notify Spybot of a possible problem. In the days following, while waiting, I have been working to free my computer from the grip something has on it.

With the time while waiting until 04 06 2011, and looking at the DDS logs and searching out what is there, I have found several bugs: Trojan.Gamemon.des, msadcheck browser hijack, and Sabkutil. From appearances, I have removed them, not with ComboFix or any other tool, excepting Registry deletion and AutoRuns.

I can tell you and the team at Spybot are very busy just by looking at the # of posts each day in these forums. I don't want to take away from your time with other people in need, so if you feel like this is a waste to continue this path, you can lock the thread and I can move in another direction, i.e. new disk, new OS install.

Rather than clutter this post with more logs I await your next post in the days to come. Thanks again for your help.

Blade81
2011-04-07, 14:58
Hi,

I can try to give your case a shot if you post the requested logs + description of current symptoms :)

LBFF8882
2011-04-08, 05:34
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by C at 22:22:41.88 on Thu 04/07/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1061 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Users\C\Desktop\Malware Fights\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: QuickNet: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - QuickNet BHO
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
StartupFolder: C:\Users\C\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-23 378984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-31 155752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-3-21 130976]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-08 01:21:01 -------- d-----w- C:\Users\C\AppData\Local\{541F4075-25A4-4A68-A82F-BC98614A312F}
2011-04-06 13:08:43 2594608 ----a-w- C:\Program Files\Internet Explorer\ienrbreakaway.exe
2011-04-06 02:56:26 -------- d-----w- C:\Users\C\AppData\Local\{B60E6D57-7BB2-4DC1-8E76-058FAD04FCB0}
2011-04-05 13:32:49 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1ADCE431-270C-4E06-895D-DB1CCA28CC88}\mpengine.dll
2011-04-05 03:17:03 -------- d-----w- C:\Users\C\AppData\Local\{DDD9A20F-7BB0-4F49-BBDF-F85442D1F480}
2011-04-04 15:01:57 -------- d-----w- C:\Users\C\AppData\Local\{08B37A23-2229-4CF3-A5A2-68440B233EAC}
2011-04-04 03:01:21 -------- d-----w- C:\Users\C\AppData\Local\{E35F4D39-FB7D-4A99-A683-BE77D4D68F8D}
2011-04-03 14:11:02 -------- d-----w- C:\Users\C\AppData\Local\{B4E1ADDB-2C6A-4BC8-9650-D06C485C2987}
2011-04-02 03:43:30 -------- d-----w- C:\Users\C\AppData\Local\{EB808FAD-E006-4115-ADA8-292705989B5F}
2011-04-01 13:47:07 -------- d-----w- C:\Users\C\AppData\Local\{DF8239AE-C3A3-4F2B-A44A-96D8738C7EA1}
2011-04-01 04:24:04 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-01 03:23:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-04-01 03:23:49 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-04-01 03:22:31 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-03-31 21:27:12 -------- d-----w- C:\Users\C\AppData\Local\{440AF234-055A-4515-8A58-C5244A20B349}
2011-03-31 02:54:33 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-03-31 00:37:15 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-31 00:37:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-30 15:56:35 9548 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-03-30 15:56:35 729600 ----a-w- C:\Windows\System32\cohelper.dll
2011-03-30 05:15:26 -------- d-----w- C:\Program Files (x86)\RIFT Game
2011-03-30 03:49:49 -------- d-----w- C:\Program Files (x86)\oZone3D
2011-03-29 03:27:37 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-03-29 03:16:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 03:08:37 98816 ----a-w- C:\Windows\sed.exe
2011-03-29 03:08:37 89088 ----a-w- C:\Windows\MBR.exe
2011-03-29 03:08:37 256512 ----a-w- C:\Windows\PEV.exe
2011-03-29 03:08:37 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-28 17:32:00 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2011-03-28 17:32:00 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2011-03-28 17:32:00 214528 ----a-w- C:\Windows\System32\APOMgr64.DLL
2011-03-28 17:32:00 166912 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2011-03-28 01:00:00 -------- d-----w- C:\Users\C\AppData\Local\IsolatedStorage
2011-03-28 00:59:59 -------- d-----w- C:\Users\C\AppData\Local\Futuremark_Corporation
2011-03-28 00:56:52 -------- d-----w- C:\Program Files\Futuremark
2011-03-27 21:53:45 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-03-27 21:53:44 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-03-27 21:53:44 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-03-27 21:53:44 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-03-27 21:53:44 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-03-27 21:53:41 -------- d-----w- C:\Users\C\AppData\Roaming\TuneUp Software
2011-03-27 21:52:40 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-03-27 21:48:01 -------- d-----w- C:\PROGRA~3\TuneUp Software
2011-03-27 05:08:04 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-03-27 02:13:43 -------- d-----w- C:\Program Files\EVGA
2011-03-26 03:11:24 11264 ----a-w- C:\Windows\SysWow64\INRES.DLL
2011-03-26 03:11:24 10752 ----a-w- C:\Windows\System32\INRES.DLL
2011-03-23 23:57:53 -------- d-----w- C:\Windows\System32\appmgmt
2011-03-23 14:44:57 -------- d-----w- C:\Users\C\AppData\Roaming\SuperAdBlocker.com
2011-03-23 14:44:49 -------- d-----w- C:\Windows\SysWow64\URTTemp
2011-03-23 14:44:48 -------- d-----w- C:\Program Files (x86)\SuperAdBlocker.com
2011-03-22 02:31:16 -------- d-----w- C:\Users\C\AppData\Roaming\NVIDIA
2011-03-22 02:22:33 -------- d-----w- C:\PROGRA~3\Futuremark
2011-03-22 02:14:43 -------- d-----w- C:\Program Files (x86)\Futuremark
2011-03-20 14:48:27 20480 ----a-w- C:\Windows\System32\drivers\usbicp.sys
2011-03-10 06:25:40 -------- d-----w- C:\Windows\Downloaded Installations
2011-03-09 13:34:16 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-03-09 03:44:20 -------- d-----w- C:\Windows\System32\SPReview
2011-03-09 03:43:27 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-09 03:43:27 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-09 03:38:17 1940480 ------w- C:\Windows\System32\Sens_oal.dll
2011-03-09 03:37:45 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-09 03:37:45 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-09 03:37:45 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-09 03:37:45 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-09 03:37:45 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-09 03:37:45 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-09 03:37:44 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
.
==================== Find3M ====================
.
2011-03-09 03:49:40 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-09 03:49:39 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-24 23:21:10 2753512 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-02-23 06:38:58 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-02-23 06:38:52 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-02-23 06:38:36 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-02-23 06:38:26 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-02-23 06:38:24 61032 ----a-w- C:\Windows\System32\nvshext.dll
2011-02-23 06:38:24 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-02-22 20:52:00 2075712 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-02-22 18:20:24 820224 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-02-22 16:16:26 2369128 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-02-21 16:42:50 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-18 15:49:40 2839656 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-02-17 19:03:54 648296 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-02-16 18:11:28 84072 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-02-11 19:39:00 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-02-09 20:56:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-21 12:36:02 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-01-21 12:36:02 413800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-01-21 12:36:02 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
.
============= FINISH: 22:23:52.03 ===============
************************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/23/2010 5:03:08 PM
System Uptime: 4/7/2011 9:57:59 PM (1 hours ago)
.
Motherboard: EVGA | | 132-YW-E179-FTW
Processor: Intel(R) Core(TM)2 Extreme CPU X9650 @ 3.00GHz | Socket 775 | 3400/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 335.565 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP143: 3/31/2011 10:23:18 PM - Installed Kaspersky Internet Security 2011.
RP144: 3/31/2011 11:23:44 PM - Device Driver Package Install: NVIDIA Display adapters
RP145: 3/31/2011 11:31:21 PM - Windows Update
RP146: 4/5/2011 8:32:35 AM - Windows Update
RP147: 4/6/2011 8:02:35 AM - Windows Update
.
==== Installed Programs ======================
.
3DMark 11
3DMark Vantage
A+ 2009 Book Demo
A+ 2009 Sample
A+ Complete
Adobe Flash Player 10 ActiveX
Counter-Strike
Counter-Strike: Condition Zero
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Source
D3DX10
DC Universe Online
DC Universe Online Live
Definition update for Microsoft Office 2010 (KB982726)
Download Manager 2.3.10
ERUNT 1.1j
Futuremark SystemInfo
Google Update Helper
Junk Mail filter update
Kaspersky Internet Security 2011
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
oZone3D.Net FurMark v1.8.2
Pando Media Booster
Realtek High Definition Audio Driver
RIFT
RocketFish 5.1 PCI Sound Card
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SimulationExams A+ Practical
SpeedFan (remove only)
Spybot - Search & Destroy
Steam
System Requirements Lab
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
4/7/2011 9:58:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/7/2011 9:58:15 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
4/4/2011 8:30:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2011 8:30:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2011 8:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/4/2011 8:29:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv6
4/4/2011 11:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/4/2011 10:55:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF SABKUTIL spldr Wanarpv6
4/4/2011 10:45:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
4/3/2011 10:00:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000005, 0xfffffa80034b21a0, 0x0000000010de036c, 0xfffffa8004a23f60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040311-16036-01.
.
==== End Of File ===========================
**************************************************
ComboFix 11-03-28.03 - C 03/28/2011 22:09:22.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2883 [GMT -5:00]
Running from: c:\users\C\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\Data
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 03:13 . 2011-03-29 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 18:05 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63FFE886-AE7C-403B-8C21-A9B363F5205B}\mpengine.dll
2011-03-28 17:33 . 2011-03-28 17:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-28 17:33 . 2011-03-28 17:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-03-28 17:33 . 2011-03-28 17:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-28 17:33 . 2011-03-28 17:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-03-28 17:33 . 2009-10-19 20:21 2902495 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-03-28 17:33 . 2011-03-28 17:33 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-03-28 17:32 . 2009-07-10 14:09 214528 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-03-28 17:32 . 2009-07-10 14:07 166912 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-03-28 17:32 . 2009-02-06 23:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-03-28 17:32 . 2009-02-06 23:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-03-28 01:00 . 2011-03-28 01:00 -------- d-----w- c:\users\C\AppData\Local\IsolatedStorage
2011-03-28 00:59 . 2011-03-28 00:59 -------- d-----w- c:\users\C\AppData\Local\Futuremark_Corporation
2011-03-28 00:56 . 2011-03-28 00:56 -------- d-----w- c:\program files\Futuremark
2011-03-27 21:53 . 2010-11-23 16:43 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-27 21:53 . 2010-11-23 16:39 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-03-27 21:53 . 2010-11-23 16:39 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-03-27 21:53 . 2010-11-23 16:39 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-27 21:53 . 2010-11-23 16:39 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-03-27 21:53 . 2011-03-27 21:53 -------- d-----w- c:\users\C\AppData\Roaming\TuneUp Software
2011-03-27 21:52 . 2011-03-27 21:55 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-03-27 21:48 . 2011-03-27 21:56 -------- d-----w- c:\programdata\TuneUp Software
2011-03-27 05:08 . 2011-03-27 05:08 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-03-27 02:54 . 2011-03-27 02:54 -------- d-----w- c:\program files\CCleaner
2011-03-27 02:13 . 2010-11-09 19:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2011-03-27 02:13 . 2011-03-27 02:16 -------- d-----w- c:\program files\EVGA
2011-03-26 03:11 . 2005-06-15 03:09 10752 ----a-w- c:\windows\system32\INRES.DLL
2011-03-26 03:11 . 2005-06-15 03:07 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
2011-03-25 13:45 . 2010-11-30 16:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DCAD157-885F-4771-9755-61D2819AFE8C}\gapaengine.dll
2011-03-23 23:57 . 2011-03-23 23:57 -------- d-----w- c:\windows\system32\appmgmt
2011-03-23 14:44 . 2011-03-23 14:44 -------- d-----w- c:\users\C\AppData\Roaming\SuperAdBlocker.com
2011-03-23 14:44 . 2011-03-23 14:44 -------- d-----w- c:\windows\SysWow64\URTTemp
2011-03-23 14:44 . 2011-03-23 14:45 -------- d--h--w- c:\program files (x86)\SuperAdBlocker.com
2011-03-22 02:31 . 2011-03-22 02:31 -------- d-----w- c:\users\C\AppData\Roaming\NVIDIA
2011-03-22 02:22 . 2011-03-22 02:22 -------- d-----w- c:\programdata\Futuremark
2011-03-22 02:14 . 2011-03-22 02:15 -------- d--h--w- c:\program files (x86)\Futuremark
2011-03-22 02:14 . 2011-03-22 02:14 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-03-20 14:48 . 2010-08-24 14:45 20480 ----a-w- c:\windows\system32\drivers\usbicp.sys
2011-03-10 06:25 . 2011-03-10 06:25 -------- d-----w- c:\windows\Downloaded Installations
2011-03-09 13:34 . 2011-03-09 13:34 -------- d--h--w- c:\program files (x86)\Microsoft Synchronization Services
2011-03-09 03:44 . 2011-03-09 03:44 -------- d-----w- c:\windows\system32\SPReview
2011-03-09 03:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-09 03:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-09 03:38 . 2009-10-19 21:23 1940480 ------w- c:\windows\system32\Sens_oal.dll
2011-03-09 03:37 . 2011-03-09 03:37 188548 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-09 03:37 . 2003-11-11 00:14 729088 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-09 03:37 . 2003-11-11 00:13 69715 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-09 03:37 . 2003-11-11 00:12 266240 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-09 03:37 . 2003-11-11 00:12 192512 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-09 03:37 . 2003-11-11 00:11 5632 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-09 03:37 . 2011-03-09 03:37 311428 ---ha-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-09 03:18 . 2010-11-20 13:28 1731936 ----a-w- c:\windows\system32\ntdll.dll
2011-03-09 03:17 . 2010-11-20 13:26 1009152 ----a-w- c:\windows\system32\mcmde.dll
2011-03-09 03:16 . 2010-11-20 13:27 172544 ----a-w- c:\windows\system32\twext.dll
2011-03-09 03:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-03-09 03:15 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-03-09 03:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-03-09 03:14 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-03-09 03:14 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-09 03:14 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-09 03:14 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-09 03:14 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-09 03:14 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-09 03:13 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-09 03:13 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-09 03:13 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-09 03:13 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-03-09 03:07 . 2011-02-23 15:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F58DD13B-76DD-4E20-88D0-0BD965E7779F}\mpengine.dll
2011-03-09 00:14 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-09 00:08 . 2011-03-09 00:08 -------- d--h--w- c:\program files (x86)\Microsoft Security Client
2011-03-09 00:07 . 2011-03-09 03:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-05 04:28 . 2011-03-29 02:27 -------- d--h--w- c:\program files (x86)\RIFT Game
2011-03-03 16:44 . 2011-03-03 16:44 -------- d--h--w- c:\program files (x86)\Microsoft Sync Framework
2011-03-03 16:42 . 2011-03-09 13:31 -------- d--h--w- c:\program files (x86)\Microsoft Visual Studio 8
2011-03-03 16:42 . 2011-03-03 16:42 -------- d--h--w- c:\program files (x86)\Microsoft Analysis Services
2011-03-03 16:41 . 2011-03-09 04:05 -------- d-----w- c:\users\C\AppData\Local\Microsoft Help
2011-03-03 16:41 . 2011-03-09 13:44 -------- d-----w- c:\programdata\Microsoft Help
2011-03-03 16:41 . 2011-03-03 16:41 -------- d-----r- C:\MSOCache
2011-02-27 05:53 . 2011-03-09 04:05 -------- d--h--w- c:\program files (x86)\Common Files\BioWare
2011-02-27 05:53 . 2011-03-09 04:05 -------- d--h--w- c:\program files (x86)\Dragon Age 2 Demo
2011-02-27 04:15 . 2011-03-25 19:59 -------- d-----w- c:\programdata\Creative
2011-02-27 04:15 . 2009-02-26 01:36 140800 ----a-w- c:\windows\system32\P17res.dll
2011-02-27 04:15 . 2011-02-27 04:15 -------- d-----w- c:\windows\system32\Data
2011-02-27 04:14 . 2011-02-27 04:14 -------- d-----w- c:\program files\Creative
2011-02-27 04:14 . 2011-03-28 17:33 -------- d--h--w- c:\program files (x86)\Creative
2011-02-27 04:14 . 2011-02-27 04:15 -------- d--h--w- c:\program files (x86)\RocketFish
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 12:45 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-09 03:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-09 03:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-21 16:42 . 2011-02-21 16:37 525792 ----a-w- c:\windows\DIFxAPI.dll
2011-01-13 08:47 . 2011-01-17 13:33 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-08 03:27 . 2011-02-15 16:11 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-15 16:11 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-15 16:11 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-02-15 16:11 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-02-15 16:11 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-15 16:11 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-02-15 16:11 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-15 16:11 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-15 16:11 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-02-15 16:11 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2011-02-15 16:11 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-15 16:11 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-02-15 16:11 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-02-15 16:11 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-02-15 16:11 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2011-02-15 16:11 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-15 16:11 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2010-12-19 14:49 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-08 03:27 . 2010-10-23 23:32 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2010-07-10 10:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2009-07-13 21:59 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 12:17 . 2011-02-23 14:02 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 12:17 . 2011-02-23 14:02 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:14 . 2011-02-09 23:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-09 23:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-09 23:03 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-23 14:02 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 14:02 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 23:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-09 23:03 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-09 23:03 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-09 23:03 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-09 23:03 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-09 23:03 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SABKUTIL;SABKUTIL;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-28 79360]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-08-20 11856]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 03:24]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3237839460-2603368293-229235254-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3237839460-2603368293-229235254-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-28 22:14:38
ComboFix-quarantined-files.txt 2011-03-29 03:14
.
Pre-Run: 355,858,624,512 bytes free
Post-Run: 355,791,196,160 bytes free
.
- - End Of File - - 9BF001093D3F1766338E1FF9BD10BE1A
***********************************
Symptoms vary. Sometimes Win 7 will lock up and won't finish booting even though POST has completed. Sometimes webpages will hourglass or go to other sites. I have seen it lock up several times for varied reasons: playing any online game (DCUO, CS:S, RIFT), surfing the web, using Office 2010, watching some videos online, sometimes nothing (I can be watching TV and bamm, look back to the monitor to surf or start playing and it's locked up; hard boot to get it back).

I have double-checked temps and did a MEM86 test with 7 passes, no fails. Video card updated to latest software. Hard drive with firmware update as well to SP25.

Thanks again for your time.

Blade81
2011-04-08, 07:03
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

LBFF8882
2011-04-09, 06:21
I downloaded the file in its WinZip format; my copy expired. EVERY time I go to the site to pay to download, bammm, computer locks up. Here is the list of Event Viewer errors:


Error 4/8/2011 11:04:29 PM Service Control Manager 7001 None
Warning 4/8/2011 11:04:24 PM Wininit 11 None
Error 4/8/2011 11:04:15 PM Eventlog 22 Service startup
Error 4/8/2011 11:04:15 PM Eventlog 1101 Event processing
Error 4/8/2011 11:04:14 PM EventLog 6008 None
Critical 4/8/2011 11:04:05 PM Kernel-Power 41 (63)
Error 4/8/2011 11:02:12 PM Service Control Manager 7001 None
Warning 4/8/2011 11:02:04 PM Wininit 11 None
Error 4/8/2011 11:01:55 PM Eventlog 22 Service startup
Error 4/8/2011 11:01:55 PM EventLog 6008 None
Error 4/8/2011 11:01:56 PM Eventlog 1101 Event processing
Critical 4/8/2011 11:01:46 PM Kernel-Power 41 (63)
Error 4/8/2011 10:54:21 PM Service Control Manager 7001 None
Error 4/8/2011 10:53:54 PM Application Error 1000 (100)
Error 4/8/2011 10:52:33 PM Service Control Manager 7001 None
Warning 4/8/2011 10:52:28 PM Wininit 11 None
Error 4/8/2011 10:52:19 PM Eventlog 22 Service startup
Error 4/8/2011 10:52:19 PM EventLog 6008 None
Error 4/8/2011 10:52:20 PM Eventlog 1101 Event processing
Critical 4/8/2011 10:52:09 PM Kernel-Power 41 (63)

Blade81
2011-04-09, 11:14
Hi,

You can unzip the file by using the feature built in Windows:
1. Right click zip file -> open with -> Windows Explorer. Windows Explorer should open up with zip contents in it.
2. Drag 'n' drop the file inside to your desktop.

LBFF8882
2011-04-10, 04:22
2011/04/09 21:17:10.0590 0168 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 21:17:10.0808 0168 ================================================================================
2011/04/09 21:17:10.0808 0168 SystemInfo:
2011/04/09 21:17:10.0808 0168
2011/04/09 21:17:10.0808 0168 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/09 21:17:10.0808 0168 Product type: Workstation
2011/04/09 21:17:10.0808 0168 ComputerName: C-PC
2011/04/09 21:17:10.0808 0168 UserName: C
2011/04/09 21:17:10.0808 0168 Windows directory: C:\Windows
2011/04/09 21:17:10.0808 0168 System windows directory: C:\Windows
2011/04/09 21:17:10.0808 0168 Running under WOW64
2011/04/09 21:17:10.0808 0168 Processor architecture: Intel x64
2011/04/09 21:17:10.0808 0168 Number of processors: 4
2011/04/09 21:17:10.0808 0168 Page size: 0x1000
2011/04/09 21:17:10.0808 0168 Boot type: Normal boot
2011/04/09 21:17:10.0808 0168 ================================================================================
2011/04/09 21:17:11.0026 0168 Initialize success
2011/04/09 21:17:14.0458 4700 ================================================================================
2011/04/09 21:17:14.0458 4700 Scan started
2011/04/09 21:17:14.0458 4700 Mode: Manual;
2011/04/09 21:17:14.0458 4700 ================================================================================
2011/04/09 21:17:22.0882 4700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS

\tssecsrv.sys
2011/04/09 21:17:22.0898 4700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers

\tsusbflt.sys
2011/04/09 21:17:22.0945 4700 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp

Utilities 2011\TuneUpUtilitiesDriver64.sys
2011/04/09 21:17:22.0960 4700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/09 21:17:22.0976 4700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/09 21:17:23.0007 4700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/09 21:17:23.0023 4700 uisp (b1d1fe35303e3aee6d5af69f09f12e87) C:\Windows\system32\Drivers\usbicp.sys
2011/04/09 21:17:23.0054 4700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers

\uliagpkx.sys
2011/04/09 21:17:23.0070 4700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/04/09 21:17:23.0085 4700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/09 21:17:23.0101 4700 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/09 21:17:23.0132 4700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/04/09 21:17:23.0148 4700 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/09 21:17:23.0163 4700 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/04/09 21:17:23.0194 4700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/09 21:17:23.0210 4700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS

\usbprint.sys
2011/04/09 21:17:23.0241 4700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/09 21:17:23.0257 4700 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/09 21:17:23.0288 4700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/09 21:17:23.0335 4700 VaneFltr (81a9f455bf2c9180348949f7c8d93e66) C:\Windows\system32\drivers

\Lachesis.sys
2011/04/09 21:17:23.0350 4700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers

\vdrvroot.sys
2011/04/09 21:17:23.0366 4700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/09 21:17:23.0382 4700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/09 21:17:23.0397 4700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/04/09 21:17:23.0413 4700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/04/09 21:17:23.0428 4700 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/04/09 21:17:23.0444 4700 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers

\VMBusHID.sys
2011/04/09 21:17:23.0475 4700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/04/09 21:17:23.0491 4700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/04/09 21:17:23.0506 4700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/04/09 21:17:23.0538 4700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/09 21:17:23.0553 4700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS

\vwifibus.sys
2011/04/09 21:17:23.0569 4700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS

\vwififlt.sys
2011/04/09 21:17:23.0584 4700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS

\wacompen.sys
2011/04/09 21:17:23.0600 4700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/09 21:17:23.0600 4700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/09 21:17:23.0647 4700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/09 21:17:23.0662 4700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers

\Wdf01000.sys
2011/04/09 21:17:23.0725 4700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/09 21:17:23.0740 4700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers

\wimmount.sys
2011/04/09 21:17:23.0787 4700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/09 21:17:23.0803 4700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/09 21:17:23.0850 4700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/04/09 21:17:23.0865 4700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/09 21:17:23.0896 4700 ================================================================================
2011/04/09 21:17:23.0896 4700 Scan finished
2011/04/09 21:17:23.0896 4700 ================================================================================

Blade81
2011-04-10, 14:13
Hi,

OK, that log was clean. Looking at those errors in Event Viewer you listed, I'd suggest posting at the Tech Support Guy (http://forums.techguy.org) forum. They have areas for non-malware-related issues too. To me this doesn't look like it was caused by malware.

LBFF8882
2011-04-11, 04:44
Thank you for your help. I will take a look at the Tech Help Forum.

Blade81
2011-04-11, 12:52
You're welcome. Hopefully the issue gets sorted out :)