0

Hello,

The day before yesterday I ran into problem which is rather peculiar. I was doing my own business on the laptop and decided to start watching TV Series "The Sons of Anarchy". Great show! I think I had watched around 5 minutes then suddenly the laptop made a strange noise and I could not hear any sound anymore. I though that the laptop was just tired and needed some rest, no biggies. The next day when I powered the computer the problem remained. Now I sawy that my WiFi icon next to the clock was disabled although I can still use the Internet, the icon is just in disabled mode. I cannot access program properties, windows updates, open pictures (class not registered) and probably there are other stuff too. I've tried installing and scanning with various AV programs, but all of the have failed. Maybe you guys can help me.

This is my HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:20, on 30.03.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\John S. Wallace\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (User '?')
O4 - S-1-5-21-871688123-1330305446-1716116605-1001 Startup: setup_9.0.0.722_28.03.2011_04-16.lnk = John S. Wallace\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2011_04-16\startup.exe (User '?')
O4 - Startup: setup_9.0.0.722_28.03.2011_04-16.lnk = John S. Wallace\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2011_04-16\startup.exe
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10764 bytes

Kind Regards,
Viljar Lumi

5
Contributors
27
Replies
29
Views
6 Years
Discussion Span
Last Post by crunchie
0

I restarted my laptop to scan it in safe mode. Now I'm back in normal mode and in the mean time something else has happened. I cannot open Microsoft Words or other programs anymore, I haven't closed my browser that's why I can still use it. Please help me.

0

You need to follow the steps on our Read Me sticky and post back here with all the logs
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

We ask that you please just copy/paste them and NOT quote them because the quoted logs because they are extremely difficult to see.

I do see though that you have NO antivirus program running on the computer, that is extremely dangerous, attempting to run a computer without proper protection.
You also seem to be using P2P programs,also VERY dangerous. Please note this warning at the very beginning of the Read Me sticky:
Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
Please complete the steps in the Read Me sticky, post back with the logs and you will receive assistance after we see all the logs.

0

Alright, thanks for the info.

I followed the tutorial and this is what happened:

1. I ran GMER Rootkit Scanner, but it won't save any files. By performing full scan it founds one entry but I can't save a log file.

2. I downloaded Malwarebytes' Anti-Malware (MBA-M) and tried to install it, but the setup gievs me errors - like most programs that deal with viruses.

What should I do next?

0

Alright, I'm in Safe Mode with Network now and I want to note down everything so that you could benefit from my reply and maybe it will help towards the removal of the virus.

Another things I have observed is that, while I can surf in the Internet and browse through websites, all animated images, videos, clips etc and extremely slow. For example I cannot watch clips from YouTube and I saw that google has this new scientfic animated logo today and that moves really slowly for me. Alrigh I'll continue with the manual now.

1. Firstly I ran Microsoft Windows Malicious Software Removal Tool - March 2011 x64 and I performed a Full Scan. 2 hours and 30 minutes later the scan has finished and he programs has found 0 files infected. No mlaicious software was detected. On to the next step.

2. I ran ATF-Cleaner. Cleaneed everything - main, firefox and opera; except firefox passwords.

3. After ATF-Cleaner I ran GMER Rootkit Scanner, it started with an automatic quick scan, but it didn't find anything and I can't save a log file of the scan either. The weird thing is that with or without administrator privileges, I cannot choose what the program can search for ... meaning, the only things I can (un)tick are Services, Registry, Files, C:\ and ADS. So I perform a scan after the first, automatic one. The scan find only one entry but since I cant save a log file I tihnk I should copy it here:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-31 14:08:36
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Companion\viljarlumi@hotmail.com@e5150aaeac670cbbe758da4fd480526e\r\n 0x74 0xCF 0x7F 0x45 ...

---- EOF - GMER 1.0.15 ----


4. I tried to install Malwarebytes' Anti-Malware (MBA-M) but it gives me errors, runtime etc. and I can't install it. For the last error during the installation I get Class Not Registered.

5. Alright, time to start DDS ScanLog.

dds.log file:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by John S. Wallace at 14:15:20,55 on N 31.03.2011
Internet Explorer: 8.0.7600.16385
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {90D46C30-9F25-4104-AEA9-35C3F84477FF} - No File
uRun: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-P4C13.exe" /REG
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {90D46C30-9F25-4104-AEA9-35C3F84477FF} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOHNS~1.WAL\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John S. Wallace\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\John S. Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-31 11:14:36 711168 ----a-w- C:\Windows\is-P4C13.exe
2011-03-30 17:31:06 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-30 17:31:05 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-30 17:31:03 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-30 17:31:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-30 10:21:55 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-29 14:03:54 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-03-29 14:02:39 40464 ----a-w- C:\Windows\System32\drivers\71125392.sys
2011-03-29 14:02:39 352784 ----a-w- C:\Windows\System32\drivers\7112539.sys
2011-03-29 14:02:39 157712 ----a-w- C:\Windows\System32\drivers\71125391.sys
2011-03-29 13:45:18 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-03-29 13:18:27 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\ElevatedDiagnostics
2011-03-29 12:49:48 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-29 12:49:48 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-03-29 08:10:12 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{A4A3257E-A142-4431-97AC-11A642B25B83}
2011-03-28 20:10:49 -------- d-----w- C:\PROGRA~3\Nexon
2011-03-28 19:42:13 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{871827A6-85BF-48F5-95A3-A3C44E7DFF5E}
2011-03-28 12:08:08 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Collectorz.com
2011-03-28 12:08:04 -------- d-----w- C:\Program Files (x86)\Collectorz.com
2011-03-28 09:12:13 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2011-03-28 09:02:16 -------- d-----w- C:\PROGRA~3\NexonUS
2011-03-28 07:41:48 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{12368CA5-B578-4E76-A0CB-E8542E8112F0}
2011-03-28 07:24:49 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-03-27 16:02:22 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Merit Aktiva
2011-03-27 16:01:27 -------- d-----w- C:\Merit
2011-03-27 15:43:21 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Peachtree
2011-03-27 15:41:30 2134016 ----a-w- C:\Windows\SysWow64\cdintf251.dll
2011-03-27 15:40:52 -------- d-----w- C:\Windows\Crystal
2011-03-27 15:40:32 -------- d-----w- C:\Program Files (x86)\Common Files\Peach
2011-03-27 15:39:17 -------- d-----w- C:\Program Files (x86)\Business Objects
2011-03-27 15:37:17 -------- d-----w- C:\Program Files (x86)\Pervasive Software
2011-03-27 15:36:52 -------- d-----w- C:\Program Files (x86)\Sage Software
2011-03-27 15:31:16 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2011-03-27 15:31:16 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2011-03-27 15:31:16 1156600 ----a-w- C:\Windows\SysWow64\MFC90.dll
2011-03-27 15:31:16 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2011-03-27 15:30:32 -------- d-----w- C:\Windows\PeachInst
2011-03-27 08:05:26 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{BA527FD0-D53F-40E6-91FA-DFBF657D955C}
2011-03-26 20:05:01 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{86B39EA0-FF30-4D16-A607-83C8F12D1118}
2011-03-26 08:04:37 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{0082E903-F520-4D70-B399-A97AF7EE9AF5}
2011-03-25 09:51:40 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{4E755C97-5856-4E72-83A0-09C61A263E28}
2011-03-25 09:51:01 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{72667CA4-9452-40E9-851F-D1CC50DEA3E6}
2011-03-25 07:59:34 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D320B60E-E6F9-4398-8C14-2E9CE618334A}\mpengine.dll
2011-03-25 07:57:10 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{85E3603D-F410-4589-8794-F71D7B64F3DE}
2011-03-24 08:46:50 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{5E13E403-C60D-40A7-929D-E9958DB0226D}
2011-03-23 20:15:59 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{C82A65FE-2BE6-4BD9-98DD-3CD82CF7D71F}
2011-03-23 08:15:36 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{30A791B6-6ED0-4EB6-A27F-5848C87D390D}
2011-03-22 08:32:26 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{960D21BD-BE2F-4C4A-A0B6-67468180D042}
2011-03-21 09:20:41 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{B3E0070F-CB54-4A12-811E-F8BAE68EB4E4}
2011-03-20 21:20:16 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{98BF37A0-A761-49A0-9FD1-2F176E2AF301}
2011-03-20 09:56:34 -------- d-----r- C:\Program Files (x86)\Skype
2011-03-20 09:19:51 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{CC8D4F52-358C-419D-ABC8-BD6245EE1BEE}
2011-03-19 09:07:35 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{CCE86BF6-151D-4631-B7DB-5AD3F5F8C0C2}
2011-03-18 09:47:02 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{C72ACC80-C7CA-4D94-84A7-F076614A6777}
2011-03-17 21:23:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-03-17 21:23:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-17 21:22:44 -------- d-----w- C:\Windows\SysWow64\xlive
2011-03-17 21:22:44 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-03-17 14:55:18 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Ubisoft Game Launcher
2011-03-17 14:46:21 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\PunkBuster
2011-03-17 14:44:57 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-03-17 14:44:57 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-03-17 14:44:57 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-03-17 14:44:57 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-03-17 14:44:54 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-03-17 14:44:54 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-03-17 10:44:34 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{0EE22538-00BF-4C44-AE3F-BC060447CB3D}
2011-03-17 05:41:43 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{56AD03C4-F2E8-4279-A651-00DE95C1D40E}
2011-03-16 20:05:04 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\PunkBuster
2011-03-16 19:39:26 266293 ----a-w- C:\Windows\SysWow64\temp.000
2011-03-16 08:27:04 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{970EE0BE-2F14-48D2-BCF4-D63DE1053197}
2011-03-15 14:21:10 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{1623F24E-C980-4AE2-B1DB-5011766C161D}
2011-03-14 21:08:19 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-03-14 11:50:45 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Apple Computer
2011-03-14 11:48:54 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Apple
2011-03-14 11:33:19 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-03-14 07:59:30 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{C0D09933-11E3-4E9C-ADDE-3D045DDDE821}
2011-03-13 19:21:52 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2011-03-13 19:02:29 -------- d-----w- C:\Windows\System32\SPReview
2011-03-13 19:01:53 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-13 14:13:41 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Serif
2011-03-13 14:13:40 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Serif
2011-03-13 12:34:40 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Unity
2011-03-13 12:33:53 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\PACE Anti-Piracy
2011-03-13 12:33:53 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\PACE Anti-Piracy
2011-03-13 12:33:53 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2011-03-13 12:33:53 -------- d-----w- C:\PROGRA~3\PACE Anti-Piracy
2011-03-13 12:25:22 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Unity
2011-03-13 12:19:46 -------- d-----w- C:\Program Files (x86)\Unity
2011-03-13 11:24:17 -------- d-----w- C:\Program Files (x86)\Fraps
2011-03-13 11:15:48 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Sony
2011-03-13 11:08:17 -------- d-----w- C:\Program Files\Sony
2011-03-13 11:08:17 -------- d-----w- C:\Program Files (x86)\Sony
2011-03-13 09:54:56 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{69B3A67C-A939-42DF-BE75-0A115D58659E}
2011-03-12 11:49:03 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{F9B30348-0FCB-4096-807A-101616C8E0AE}
2011-03-12 11:30:23 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{CFD6FFE2-7518-4AB9-B937-AF68AF6BDC68}
2011-03-11 17:51:21 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\PCSX2
2011-03-11 17:50:43 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.7
2011-03-11 12:42:22 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Mipony
2011-03-11 12:42:06 -------- d-----w- C:\Program Files (x86)\MiPony
2011-03-11 12:19:18 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\DMCache
2011-03-11 11:06:38 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{03CDF9CC-D972-47D5-A5CF-76B36D4494D6}
2011-03-10 21:50:00 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{82FF04DB-ECBA-4F09-87BD-2EDF2E976EBD}
2011-03-10 08:55:36 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{0A615E22-CC61-43A5-ADFB-31D8DD29FED7}
2011-03-10 08:55:36 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{04B6E114-8A1C-4943-9947-7DD151FCAFB1}
2011-03-09 14:20:02 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Adobe
2011-03-09 12:11:16 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\GHISLER
2011-03-09 11:44:19 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2011-03-09 11:44:18 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-03-09 08:56:05 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{67D3342E-78DD-4C87-87AA-22FCF865A7DA}
2011-03-08 19:50:43 -------- d--h--w- C:\Windows\msdownld.tmp
2011-03-08 19:50:31 -------- d-----w- C:\Windows\SysWow64\directx
2011-03-08 15:54:07 545 ----a-w- C:\Windows\UC.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\RAR.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\PKUNZIP.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\PKZIP.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\NOCLOSE.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\LHA.PIF
2011-03-08 15:54:07 545 ----a-w- C:\Windows\ARJ.PIF
2011-03-08 15:54:07 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\GHISLER
2011-03-08 15:54:07 -------- d-----w- C:\Program Files (x86)\totalcmd
2011-03-08 11:18:08 -------- d-----w- C:\PROGRA~3\launcher
2011-03-08 10:52:08 37392 ----a-w- C:\Windows\System32\drivers\hotcore3.sys
2011-03-08 10:51:39 -------- d-----w- C:\Program Files (x86)\Paragon Software
2011-03-08 08:55:07 -------- d-----w- C:\Program Files\Validity Sensors
2011-03-08 08:52:51 -------- d-----w- C:\Windows\SysWow64\SDA
2011-03-08 08:52:29 -------- d-----w- C:\Program Files (x86)\JMicron
2011-03-08 08:51:28 1542656 ----a-w- C:\Windows\System32\drivers\athrx.sys
2011-03-08 08:51:21 -------- d-----w- C:\Program Files (x86)\Atheros
2011-03-08 08:51:16 -------- d-----w- C:\PROGRA~3\Atheros
2011-03-08 08:48:50 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-03-08 08:48:47 -------- d-----w- C:\Program Files (x86)\Realtek
2011-03-08 08:47:58 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\AMD
2011-03-08 08:47:44 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\ATI
2011-03-08 08:47:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-03-08 08:47:40 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-03-08 08:47:21 -------- d-----w- C:\PROGRA~3\AMD
2011-03-08 08:47:17 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-03-08 08:46:27 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-03-08 08:43:48 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-08 08:43:45 -------- d-----w- C:\Program Files\ATI
2011-03-08 08:43:04 -------- d-----w- C:\Program Files (x86)\ATI
2011-03-08 08:42:08 -------- d-----w- C:\Program Files\Realtek
2011-03-08 08:41:57 97624 ----a-w- C:\Windows\System32\RTEEL64H.dll
2011-03-08 08:41:57 83048 ----a-w- C:\Windows\System32\RHCoInst64.dll
2011-03-08 08:41:57 78680 ----a-w- C:\Windows\System32\RTEEG64H.dll
2011-03-08 08:41:57 372056 ----a-w- C:\Windows\System32\RTEEP64H.dll
2011-03-08 08:41:57 310104 ----a-w- C:\Windows\System32\RH3DHT64.dll
2011-03-08 08:41:57 310104 ----a-w- C:\Windows\System32\RH3DAA64.dll
2011-03-08 08:41:57 300648 ----a-w- C:\Windows\System32\drivers\RtHDMIVX.sys
2011-03-08 08:41:57 2813544 ----a-w- C:\Windows\System32\RtkHDM64.dll
2011-03-08 08:41:57 2185832 ----a-w- C:\Windows\System32\RHDMEx64.dll
2011-03-08 08:41:57 204120 ----a-w- C:\Windows\System32\RTEED64H.dll
2011-03-08 08:41:54 -------- d--h--w- C:\Program Files (x86)\Temp
2011-03-08 08:40:31 -------- d-----w- C:\Program Files\Synaptics
2011-03-08 08:09:19 -------- d-----w- C:\Program Files (x86)\Python27
2011-03-08 08:07:23 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2011-03-08 08:05:24 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Blender Foundation
2011-03-08 07:38:25 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{50D40DBC-C37E-4F0F-9A49-7864C5F55155}
2011-03-08 07:27:29 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-08 07:27:29 -------- d-----w- C:\Windows\System32\Wat
2011-03-07 15:26:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-07 15:26:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-07 15:12:47 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-07 15:12:47 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-07 15:12:47 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-07 15:12:47 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-07 15:12:47 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-07 15:12:47 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-07 15:12:47 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-07 15:12:47 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-07 15:12:47 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-07 15:12:47 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-07 15:05:18 -------- d-----w- C:\Windows\System Files
2011-03-07 14:57:49 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-03-07 14:57:48 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-03-07 14:16:38 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\VS Revo Group
2011-03-07 13:37:47 -------- d-----w- C:\Program Files (x86)\RapidShareManager
2011-03-07 13:27:32 -------- d-----w- C:\Program Files (x86)\Veoh Networks
2011-03-07 13:14:48 -------- d-----w- C:\Program Files (x86)\FlashFXP 4
2011-03-07 13:14:48 -------- d-----w- C:\PROGRA~3\FlashFXP
2011-03-07 13:09:53 -------- d-----w- C:\Users\John S. Wallace\Tracing
2011-03-07 13:07:51 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-03-07 13:07:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-03-07 13:07:50 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-03-07 13:05:03 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-03-07 12:58:57 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\VS Revo Group
2011-03-07 12:58:53 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-03-07 12:58:51 -------- d-----w- C:\Program Files\VS Revo Group
2011-03-07 12:55:41 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\CleanMyPC Software
2011-03-07 12:53:33 -------- d-----w- C:\Program Files (x86)\CleanMyPC
2011-03-07 12:48:21 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-03-07 12:48:20 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-03-07 12:47:56 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-03-07 12:47:53 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-03-07 12:40:51 -------- d-----w- C:\Program Files (x86)\GRETECH
2011-03-07 12:40:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-03-07 12:35:45 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\{751DDE12-3941-4C6E-BEB3-37F624ACDCE1}
2011-03-07 12:35:31 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\Windows Live Writer
2011-03-07 12:35:31 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Windows Live Writer
2011-03-07 12:31:44 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-03-07 12:31:29 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-03-07 12:30:46 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Roaming\uTorrent
2011-03-07 12:25:31 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Opera
2011-03-07 12:20:12 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Google
2011-03-07 12:19:26 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Apps
2011-03-07 12:19:25 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Deployment
2011-03-07 12:15:33 -------- d-----w- C:\Windows\et
2011-03-07 12:11:12 -------- d-----w- C:\Windows\en
2011-03-07 12:10:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-03-07 12:08:07 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-03-07 12:05:47 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-03-07 12:05:13 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-03-07 12:05:12 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-03-07 12:05:12 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-03-07 12:05:12 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-03-07 12:04:25 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-03-07 12:04:25 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-03-07 12:02:42 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-03-07 12:02:42 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-03-07 12:02:42 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-03-07 12:02:42 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-03-07 12:00:49 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4a9eb1f41cbdcbf0a\Silverlight.4.0.exe
2011-03-07 11:59:07 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Windows Live
2011-03-07 11:59:04 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-03-07 06:31:26 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-03-07 06:31:26 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-03-07 06:31:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-03-07 06:31:23 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-03-07 06:29:49 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-03-07 06:28:55 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-03-07 06:27:51 395776 ----a-w- C:\Windows\System32\webio.dll
2011-03-07 06:27:51 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-03-07 06:27:48 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-03-07 06:27:44 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-03-07 06:27:44 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-03-07 06:27:15 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-03-07 06:27:14 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-03-07 06:25:11 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-03-07 06:25:11 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-03-07 06:25:10 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-03-07 06:25:10 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-03-07 06:25:10 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-03-07 06:25:10 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-03-07 06:25:10 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-03-07 06:25:10 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-03-07 06:25:10 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-03-07 06:25:10 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-03-07 06:25:06 112000 ----a-w- C:\Windows\System32\consent.exe
2011-03-07 06:24:50 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-03-07 06:24:50 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-03-07 06:24:50 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-03-07 06:24:50 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-03-07 06:24:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-03-07 06:24:28 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-07 06:23:34 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-03-07 06:22:01 -------- d-----w- C:\Users\JOHNS~1.WAL\AppData\Local\Microsoft Help
2011-03-07 06:21:49 -------- d-sh--w- C:\Windows\Installer
2011-03-06 21:21:24 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-03-26 08:22:56 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-03-26 08:22:56 14848 ----a-w- C:\Windows\System32\slwga.dll
2011-03-26 08:22:56 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2011-03-26 08:22:54 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-03-26 08:22:54 1008640 ----a-w- C:\Windows\System32\user32.dll
2011-03-14 07:41:19 175104 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-14 07:41:19 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-10 13:00:20 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-02-10 13:00:18 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-02-09 12:26:50 26712 ----a-w- C:\Windows\System32\drivers\johci.sys
2011-02-02 16:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-31 14:04:40 174168 ----a-w- C:\Windows\System32\drivers\jmcr.sys
2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-11-18 19:27:34 162816 ----a-w- C:\Program Files (x86)\7z.sfx
2010-11-18 19:27:34 152064 ----a-w- C:\Program Files (x86)\7zCon.sfx
2010-11-18 19:24:20 1422336 ----a-w- C:\Program Files (x86)\7z.dll
2010-11-18 19:11:38 387072 ----a-w- C:\Program Files (x86)\7zG.exe
2010-11-18 19:10:48 740352 ----a-w- C:\Program Files (x86)\7zFM.exe
2010-11-18 19:08:50 86016 ----a-w- C:\Program Files (x86)\7-zip.dll
2010-11-18 19:08:30 284160 ----a-w- C:\Program Files (x86)\7z.exe
.
============= FINISH: 14:15:59,88 ===============

attach.log file:
.
==== Installed Programs ======================
.
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
Bandisoft MPEG-1 Decoder
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help English
CleanMyPC - Registry Cleaner
Collectorz.com Movie Collector
Crystal Reports 2008 Runtime SP1
D3DX10
Driver Genius Professional Edition
FlashFXP v4.0
Fraps (remove only)
GOM Player
Google Chrome
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Merit Aktiva
Mesh Runtime
Messenger Companion
Messengeri kaaslane
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiPony 1.2.2
Mozilla Firefox (3.6.16)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Opera 11.01
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
Python 2.7.1
QuickTime
RapidShare Manager 2
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
Suite Shared Configuration CS4
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
uTorrentBar Toolbar
Veoh Web Player
Winamp
Winamp Detector Plug-in
Windows Live'i fotogalerii
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-i juhtelement kaugühendustele
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00
WinZip 15.0
VLC media player 1.1.7
.
==== End Of File ===========================

I hope my reply is helpful.

Kind regards,
Viljar Lumi

0

Please give the full error that MBA-M gives so that we can try and rectify the installation problem.

0

Alright, I started M-BAM installer.

Selecting my language: English - OK
blablabla NEXT - I accept the agreement - NEXT - blablabla - NEXT - Select Destination Folder (C:\Program Files (x86)\Malwarebytes' Anti-Malware) - NEXT - Select Start Menu Folder (Malwarebytes' Anti-Malware) - NEXT - Select Additional Tasks (ticked Crate a desktop icon) - NEXT - Ready to Install - INSTALL.

The setup runs almost to the end and then I get thsi error box:

vbAccelerator SGrid II Con...
Runtime error '0'

And that's when the whole setup freezes. I have to start the Task Manager and end the setup, then I can see the error box again. Now when I click OK on the errors box I get another error box:

Malwarebytes' Anti-Malware
Run-time error '440':
Automation error

and when I click OK, the box closes and that's that. Hopefully this was helpful.

0

MBAM runtime error 'O' and '440'

Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

Once you've done that click on File and select Save As...
In the Save dialogue box click on the drop down menu next to Save as type and select All Files
Name the file MBAM Fix.bat (the .bat extension is very important)
Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
Click OK to each of the 3 dialog boxes that should show a success message for each file registered
If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy if from another Computer running the same operating system and service pack level.
If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.

http://www.malwarebytes.org/forums/index.php?showtopic=10138

0

I followed your instructions and run the MBAM Fix.bat but I get this error:

RegSvr32
The module "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be load.


When I press okay, I get the same error about the file ssubtmr6.dll file and after that, the same error about vbalsgrid6.ocx.

I will now try to download and install the Microsoft Visual Basic Common Controls and see how that goes.

//Edit
I managed to install Microsoft Visual Basic Common Controls I also had to reboot my laptop. Now I tried to install Malwarebytes Anti-Malware again, this time the setup didn't freeze, but I still got the same two errors as I got before. But this time after I pressed OK on the last errir I got a new one:

Setup
CoCreateInstance failed; code 0x80040154
Class not registered.

Edited by Wman21: n/a

0

Ok. Try this please:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

ComboFix Log:

ComboFix 11-03-31.03 - John S. Wallace 01.04.2011 13:38:28.1.2 - x64
Running from: c:\users\John S. Wallace\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John S. Wallace\AppData\Roaming\Microsoft\Windows\Recent\S013.Wail - World of Lordcraft.url
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 10:49 . 2011-04-01 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 17:31 . 2010-04-29 12:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-30 17:31 . 2011-03-30 17:31 -------- d-----w- c:\programdata\Malwarebytes
2011-03-30 17:31 . 2010-04-29 12:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 17:31 . 2011-04-01 10:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-30 10:21 . 2011-03-30 10:21 -------- d-----w- c:\programdata\MFAData
2011-03-29 14:03 . 2011-03-30 06:07 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-29 14:02 . 2009-10-22 10:54 40464 ----a-w- c:\windows\system32\drivers\71125392.sys
2011-03-29 14:02 . 2009-10-09 20:30 352784 ----a-w- c:\windows\system32\drivers\7112539.sys
2011-03-29 14:02 . 2009-09-25 14:59 157712 ----a-w- c:\windows\system32\drivers\71125391.sys
2011-03-29 13:45 . 2011-03-29 13:45 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-29 12:49 . 2011-02-16 14:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-29 12:49 . 2011-02-16 14:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-28 20:10 . 2011-03-28 20:10 -------- d-----w- c:\programdata\Nexon
2011-03-28 12:08 . 2011-03-28 12:08 -------- d-----w- c:\program files (x86)\Collectorz.com
2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\program files (x86)\BandiMPEG1
2011-03-28 07:24 . 2011-03-30 11:33 -------- d-----w- c:\program files (x86)\Pando Networks
2011-03-27 16:01 . 2011-03-27 16:01 -------- d-----w- C:\Merit
2011-03-27 15:41 . 2009-04-06 14:52 2134016 ----a-w- c:\windows\SysWow64\cdintf251.dll
2011-03-27 15:40 . 2011-03-28 07:21 -------- d-----w- c:\windows\Crystal
2011-03-27 15:40 . 2011-03-28 07:21 -------- d-----w- c:\program files (x86)\Common Files\Peach
2011-03-27 15:39 . 2011-03-27 15:39 -------- d-----w- c:\program files (x86)\Business Objects
2011-03-27 15:37 . 2011-03-27 15:37 -------- d-----w- c:\program files (x86)\Pervasive Software
2011-03-27 15:36 . 2011-03-28 07:41 -------- d-----w- c:\program files (x86)\Sage Software
2011-03-27 15:30 . 2011-03-27 15:30 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-03-27 15:30 . 2011-03-27 15:30 -------- d-----w- c:\windows\PeachInst
2011-03-25 07:59 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D320B60E-E6F9-4398-8C14-2E9CE618334A}\mpengine.dll
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----r- c:\program files (x86)\Skype
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----w- c:\programdata\Skype
2011-03-17 21:23 . 2011-03-17 21:23 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-03-17 21:23 . 2011-03-17 21:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-03-17 21:22 . 2011-03-19 09:10 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-17 21:22 . 2011-03-17 21:22 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-17 14:58 . 2011-03-17 17:23 -------- d-----w- c:\programdata\Ubisoft
2011-03-17 14:44 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-03-16 19:39 . 2001-06-19 15:53 266293 ----a-w- c:\windows\SysWow64\temp.000
2011-03-14 21:08 . 2011-03-14 21:08 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-14 11:49 . 2011-03-14 11:50 -------- d-----w- c:\programdata\Apple Computer
2011-03-14 11:49 . 2011-03-14 11:49 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-14 11:49 . 2011-03-14 11:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-14 11:48 . 2011-03-14 11:48 -------- d-----w- c:\programdata\Apple
2011-03-14 11:48 . 2011-03-14 11:48 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-14 11:42 . 2011-03-14 11:42 -------- d-----w- c:\programdata\FLEXnet
2011-03-14 11:36 . 2011-03-14 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-14 11:33 . 2011-03-14 11:33 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-03-13 19:21 . 2011-03-13 19:26 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-03-13 19:17 . 2011-03-13 19:17 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-03-13 19:02 . 2011-03-13 19:02 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 19:01 . 2011-03-13 19:01 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 14:08 . 2011-03-13 14:08 -------- d-----w- c:\users\JOHNS~1
2011-03-13 12:33 . 2011-03-13 12:34 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-03-13 12:33 . 2011-03-13 12:33 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy
2011-03-13 12:19 . 2011-03-16 19:31 -------- d-----w- c:\program files (x86)\Unity
2011-03-13 11:24 . 2011-04-01 10:01 -------- d-----w- c:\program files (x86)\Fraps
2011-03-13 11:08 . 2011-03-13 11:08 -------- d-----w- c:\programdata\Sony
2011-03-13 11:08 . 2011-03-13 11:18 -------- d-----w- c:\program files (x86)\Sony
2011-03-13 11:08 . 2011-03-13 11:08 -------- d-----w- c:\program files\Sony
2011-03-11 17:50 . 2011-03-11 17:51 -------- d-----w- c:\program files (x86)\PCSX2 0.9.7
2011-03-11 12:42 . 2011-03-11 12:42 -------- d-----w- c:\program files (x86)\MiPony
2011-03-09 14:21 . 2011-03-14 11:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-09 14:20 . 2011-03-09 14:20 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-09 14:19 . 2011-03-09 14:19 -------- d-----w- c:\programdata\McAfee
2011-03-09 11:44 . 2011-03-16 19:29 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-03-09 11:44 . 2011-03-16 19:30 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-03-08 19:55 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-03-08 19:50 . 2011-03-11 17:50 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-08 15:54 . 2011-03-08 15:54 -------- d-----w- c:\program files (x86)\totalcmd
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-03-08 11:18 . 2011-03-08 11:18 -------- d-----w- c:\programdata\launcher
2011-03-08 11:10 . 2011-03-08 11:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-03-08 10:52 . 2009-03-24 17:07 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-03-08 10:51 . 2011-03-08 10:51 -------- d-----w- c:\program files (x86)\Paragon Software
2011-03-08 08:55 . 2011-03-08 08:55 -------- d-----w- c:\program files\Validity Sensors
2011-03-08 08:52 . 2011-03-08 08:52 -------- d-----w- c:\windows\SysWow64\SDA
2011-03-08 08:52 . 2011-03-08 08:53 -------- d-----w- c:\program files (x86)\JMicron
2011-03-08 08:51 . 2009-10-05 07:34 1542656 ----a-w- c:\windows\system32\drivers\athrx.sys
2011-03-08 08:51 . 2011-03-08 08:51 -------- d-----w- c:\program files (x86)\Atheros
2011-03-08 08:51 . 2011-03-08 08:51 -------- d-----w- c:\programdata\Atheros
2011-03-08 08:48 . 2011-02-16 14:11 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-08 08:48 . 2011-03-29 12:49 -------- d-----w- c:\program files (x86)\Realtek
2011-03-08 08:48 . 2011-03-28 07:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\programdata\ATI
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\programdata\AMD
2011-03-08 08:47 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-03-08 08:46 . 2011-03-08 08:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-03-08 08:43 . 2011-03-08 08:47 -------- d-----w- c:\program files\ATI Technologies
2011-03-08 08:43 . 2011-03-08 08:43 -------- d-----w- c:\program files\ATI
2011-03-08 08:43 . 2011-03-08 08:43 -------- d-----w- c:\program files (x86)\ATI
2011-03-08 08:42 . 2011-03-08 08:42 -------- d-----w- c:\program files\Realtek
2011-03-08 08:41 . 2010-11-23 16:33 300648 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys
2011-03-08 08:41 . 2010-11-18 13:01 2813544 ----a-w- c:\windows\system32\RtkHDM64.dll
2011-03-08 08:41 . 2010-11-18 13:01 2185832 ----a-w- c:\windows\system32\RHDMEx64.dll
2011-03-08 08:41 . 2010-11-11 11:27 83048 ----a-w- c:\windows\system32\RHCoInst64.dll
2011-03-08 08:41 . 2010-11-08 05:31 97624 ----a-w- c:\windows\system32\RTEEL64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 78680 ----a-w- c:\windows\system32\RTEEG64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 372056 ----a-w- c:\windows\system32\RTEEP64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 310104 ----a-w- c:\windows\system32\RH3DHT64.dll
2011-03-08 08:41 . 2010-11-08 05:31 310104 ----a-w- c:\windows\system32\RH3DAA64.dll
2011-03-08 08:41 . 2010-11-08 05:31 204120 ----a-w- c:\windows\system32\RTEED64H.dll
2011-03-08 08:41 . 2011-03-08 08:42 -------- d--h--w- c:\program files (x86)\Temp
2011-03-08 08:40 . 2011-03-08 08:40 -------- d-----w- c:\program files\Synaptics
2011-03-08 08:38 . 2011-03-08 08:38 -------- d-----w- c:\program files\DIFX
2011-03-08 08:09 . 2011-03-08 08:09 -------- d-----w- c:\program files (x86)\Python27
2011-03-08 08:07 . 2011-03-08 08:07 -------- d-----w- c:\program files (x86)\Driver-Soft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 08:22 . 2009-07-13 23:56 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-03-26 08:22 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll
2011-03-26 08:22 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-03-14 07:41 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-03-14 07:41 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-09 14:17 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-10 13:00 . 2011-02-10 13:00 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-02-10 13:00 . 2011-02-10 13:00 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-02-09 12:26 . 2011-02-09 12:26 26712 ----a-w- c:\windows\system32\drivers\johci.sys
2011-02-02 16:11 . 2010-06-09 02:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-31 14:04 . 2011-01-31 14:04 174168 ----a-w- c:\windows\system32\drivers\jmcr.sys
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2009-08-18 00:31 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-07-13 21:59 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2009-08-18 00:20 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2009-08-18 00:05 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-11-18 19:27 . 2010-11-18 19:27 162816 ----a-w- c:\program files (x86)\7z.sfx
2010-11-18 19:27 . 2010-11-18 19:27 152064 ----a-w- c:\program files (x86)\7zCon.sfx
2010-11-18 19:24 . 2010-11-18 19:24 1422336 ----a-w- c:\program files (x86)\7z.dll
2010-11-18 19:11 . 2010-11-18 19:11 387072 ----a-w- c:\program files (x86)\7zG.exe
2010-11-18 19:10 . 2010-11-18 19:10 740352 ----a-w- c:\program files (x86)\7zFM.exe
2010-11-18 19:08 . 2010-11-18 19:08 86016 ----a-w- c:\program files (x86)\7-zip.dll
2010-11-18 19:08 . 2010-11-18 19:08 284160 ----a-w- c:\program files (x86)\7z.exe
.
.
------- Sigcheck -------
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-03-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-03-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-07 136176]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 71125392;71125392 Boot Guard Driver;c:\windows\system32\DRIVERS\71125392.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 71125391;71125391;c:\windows\system32\DRIVERS\71125391.sys [x]
S1 setup_9.0.0.722_28.03.2011_04-16drv;setup_9.0.0.722_28.03.2011_04-16drv;c:\windows\system32\DRIVERS\7112539.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-07 1926448]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871688123-1330305446-1716116605-1001Core.job
- c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 12:20]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871688123-1330305446-1716116605-1001UA.job
- c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 12:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{90D46C30-9F25-4104-AEA9-35C3F84477FF} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 14:02:51
ComboFix-quarantined-files.txt 2011-04-01 11:02
.
Pre-Run: 115 680 083 968 bytes free
Post-Run: 115 898 929 152 bytes free
.
- - End Of File - - 4E97CA68111484B4C24913F2B7847C25

0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\system32\drivers\71125392.sys
c:\windows\system32\drivers\7112539.sys
c:\windows\system32\drivers\71125391.sys

==================================

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll


RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by crunchie: n/a

Attachments CFScript.gif 27.09 KB
0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\system32\drivers\71125392.sys
c:\windows\system32\drivers\7112539.sys
c:\windows\system32\drivers\71125391.sys

// I am sorry but I cannot do that. I cannot browse files through any web page - I cannot upload any files. When I click on "browse" nothing happens. Can I copy those files to my flash drive and then scan them on another computer or should I follow the instructions you gave me?

0

Yep, will do. I did not want co continue with combofix until you had replied.

0

I haven't had the chance to scan those three files since I do not have any extra PCs to test with, at the moment. I will deal with it as soon as possible, but in the meantime, here's my ComboFix log:

ComboFix 11-03-31.03 - John S. Wallace 02.04.2011 14:16:02.2.2 - x64
Running from: c:\users\John S. Wallace\Downloads\ComboFix.exe
Command switches used :: c:\users\John S. Wallace\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 11:27 . 2011-04-02 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 17:31 . 2010-04-29 12:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-30 17:31 . 2011-03-30 17:31 -------- d-----w- c:\programdata\Malwarebytes
2011-03-30 17:31 . 2010-04-29 12:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 17:31 . 2011-04-01 10:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-30 10:21 . 2011-03-30 10:21 -------- d-----w- c:\programdata\MFAData
2011-03-29 14:03 . 2011-03-30 06:07 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-29 14:02 . 2009-10-22 10:54 40464 ----a-w- c:\windows\system32\drivers\71125392.sys
2011-03-29 14:02 . 2009-10-09 20:30 352784 ----a-w- c:\windows\system32\drivers\7112539.sys
2011-03-29 14:02 . 2009-09-25 14:59 157712 ----a-w- c:\windows\system32\drivers\71125391.sys
2011-03-29 13:45 . 2011-03-29 13:45 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-29 12:49 . 2011-02-16 14:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-29 12:49 . 2011-02-16 14:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-28 20:10 . 2011-03-28 20:10 -------- d-----w- c:\programdata\Nexon
2011-03-28 12:08 . 2011-03-28 12:08 -------- d-----w- c:\program files (x86)\Collectorz.com
2011-03-28 09:12 . 2011-03-28 09:12 -------- d-----w- c:\program files (x86)\BandiMPEG1
2011-03-28 07:24 . 2011-03-30 11:33 -------- d-----w- c:\program files (x86)\Pando Networks
2011-03-27 16:01 . 2011-03-27 16:01 -------- d-----w- C:\Merit
2011-03-27 15:41 . 2009-04-06 14:52 2134016 ----a-w- c:\windows\SysWow64\cdintf251.dll
2011-03-27 15:40 . 2011-03-28 07:21 -------- d-----w- c:\windows\Crystal
2011-03-27 15:40 . 2011-03-28 07:21 -------- d-----w- c:\program files (x86)\Common Files\Peach
2011-03-27 15:39 . 2011-03-27 15:39 -------- d-----w- c:\program files (x86)\Business Objects
2011-03-27 15:37 . 2011-03-27 15:37 -------- d-----w- c:\program files (x86)\Pervasive Software
2011-03-27 15:36 . 2011-03-28 07:41 -------- d-----w- c:\program files (x86)\Sage Software
2011-03-27 15:30 . 2011-03-27 15:30 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-03-27 15:30 . 2011-03-27 15:30 -------- d-----w- c:\windows\PeachInst
2011-03-25 07:59 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D320B60E-E6F9-4398-8C14-2E9CE618334A}\mpengine.dll
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----r- c:\program files (x86)\Skype
2011-03-20 09:56 . 2011-03-20 09:56 -------- d-----w- c:\programdata\Skype
2011-03-17 21:23 . 2011-03-17 21:23 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-03-17 21:23 . 2011-03-17 21:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-03-17 21:22 . 2011-03-19 09:10 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-17 21:22 . 2011-03-17 21:22 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-17 14:58 . 2011-03-17 17:23 -------- d-----w- c:\programdata\Ubisoft
2011-03-17 14:44 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-03-17 14:44 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-03-16 19:39 . 2001-06-19 15:53 266293 ----a-w- c:\windows\SysWow64\temp.000
2011-03-14 21:08 . 2011-03-14 21:08 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-14 11:49 . 2011-03-14 11:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-14 11:49 . 2011-03-14 11:50 -------- d-----w- c:\programdata\Apple Computer
2011-03-14 11:49 . 2011-03-14 11:49 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-14 11:49 . 2011-03-14 11:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-14 11:48 . 2011-03-14 11:48 -------- d-----w- c:\programdata\Apple
2011-03-14 11:48 . 2011-03-14 11:48 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-14 11:42 . 2011-03-14 11:42 -------- d-----w- c:\programdata\FLEXnet
2011-03-14 11:36 . 2011-03-14 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-14 11:33 . 2011-03-14 11:33 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-03-13 19:21 . 2011-03-13 19:26 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-03-13 19:17 . 2011-03-13 19:17 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-03-13 19:02 . 2011-03-13 19:02 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 19:01 . 2011-03-13 19:01 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 14:08 . 2011-03-13 14:08 -------- d-----w- c:\users\JOHNS~1
2011-03-13 12:33 . 2011-03-13 12:34 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-03-13 12:33 . 2011-03-13 12:33 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy
2011-03-13 12:19 . 2011-03-16 19:31 -------- d-----w- c:\program files (x86)\Unity
2011-03-13 11:24 . 2011-04-02 11:30 -------- d-----w- c:\program files (x86)\Fraps
2011-03-13 11:08 . 2011-03-13 11:08 -------- d-----w- c:\programdata\Sony
2011-03-13 11:08 . 2011-03-13 11:18 -------- d-----w- c:\program files (x86)\Sony
2011-03-13 11:08 . 2011-03-13 11:08 -------- d-----w- c:\program files\Sony
2011-03-11 17:50 . 2011-03-11 17:51 -------- d-----w- c:\program files (x86)\PCSX2 0.9.7
2011-03-11 12:42 . 2011-03-11 12:42 -------- d-----w- c:\program files (x86)\MiPony
2011-03-09 14:21 . 2011-03-14 11:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-09 14:20 . 2011-03-09 14:20 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-09 14:19 . 2011-03-09 14:19 -------- d-----w- c:\programdata\McAfee
2011-03-09 11:44 . 2011-03-16 19:29 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-03-09 11:44 . 2011-03-16 19:30 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-03-08 19:55 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-03-08 19:50 . 2011-03-11 17:50 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-08 15:54 . 2011-03-08 15:54 -------- d-----w- c:\program files (x86)\totalcmd
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-03-08 15:54 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-03-08 11:18 . 2011-03-08 11:18 -------- d-----w- c:\programdata\launcher
2011-03-08 11:10 . 2011-03-08 11:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-03-08 10:52 . 2009-03-24 17:07 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-03-08 10:51 . 2011-03-08 10:51 -------- d-----w- c:\program files (x86)\Paragon Software
2011-03-08 08:55 . 2011-03-08 08:55 -------- d-----w- c:\program files\Validity Sensors
2011-03-08 08:52 . 2011-03-08 08:52 -------- d-----w- c:\windows\SysWow64\SDA
2011-03-08 08:52 . 2011-03-08 08:53 -------- d-----w- c:\program files (x86)\JMicron
2011-03-08 08:51 . 2009-10-05 07:34 1542656 ----a-w- c:\windows\system32\drivers\athrx.sys
2011-03-08 08:51 . 2011-03-08 08:51 -------- d-----w- c:\program files (x86)\Atheros
2011-03-08 08:51 . 2011-03-08 08:51 -------- d-----w- c:\programdata\Atheros
2011-03-08 08:48 . 2011-02-16 14:11 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-08 08:48 . 2011-03-29 12:49 -------- d-----w- c:\program files (x86)\Realtek
2011-03-08 08:48 . 2011-03-28 07:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\programdata\ATI
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-03-08 08:47 . 2011-03-08 08:47 -------- d-----w- c:\programdata\AMD
2011-03-08 08:47 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-03-08 08:46 . 2011-03-08 08:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-03-08 08:43 . 2011-03-08 08:47 -------- d-----w- c:\program files\ATI Technologies
2011-03-08 08:43 . 2011-03-08 08:43 -------- d-----w- c:\program files\ATI
2011-03-08 08:43 . 2011-03-08 08:43 -------- d-----w- c:\program files (x86)\ATI
2011-03-08 08:42 . 2011-03-08 08:42 -------- d-----w- c:\program files\Realtek
2011-03-08 08:41 . 2010-11-23 16:33 300648 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys
2011-03-08 08:41 . 2010-11-18 13:01 2813544 ----a-w- c:\windows\system32\RtkHDM64.dll
2011-03-08 08:41 . 2010-11-18 13:01 2185832 ----a-w- c:\windows\system32\RHDMEx64.dll
2011-03-08 08:41 . 2010-11-11 11:27 83048 ----a-w- c:\windows\system32\RHCoInst64.dll
2011-03-08 08:41 . 2010-11-08 05:31 97624 ----a-w- c:\windows\system32\RTEEL64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 78680 ----a-w- c:\windows\system32\RTEEG64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 372056 ----a-w- c:\windows\system32\RTEEP64H.dll
2011-03-08 08:41 . 2010-11-08 05:31 310104 ----a-w- c:\windows\system32\RH3DHT64.dll
2011-03-08 08:41 . 2010-11-08 05:31 310104 ----a-w- c:\windows\system32\RH3DAA64.dll
2011-03-08 08:41 . 2010-11-08 05:31 204120 ----a-w- c:\windows\system32\RTEED64H.dll
2011-03-08 08:41 . 2011-03-08 08:42 -------- d--h--w- c:\program files (x86)\Temp
2011-03-08 08:40 . 2011-03-08 08:40 -------- d-----w- c:\program files\Synaptics
2011-03-08 08:38 . 2011-03-08 08:38 -------- d-----w- c:\program files\DIFX
2011-03-08 08:09 . 2011-03-08 08:09 -------- d-----w- c:\program files (x86)\Python27
2011-03-08 08:07 . 2011-03-08 08:07 -------- d-----w- c:\program files (x86)\Driver-Soft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 08:22 . 2009-07-13 23:56 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-03-14 07:41 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-03-14 07:41 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-09 14:17 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-10 13:00 . 2011-02-10 13:00 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-02-10 13:00 . 2011-02-10 13:00 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-02-09 12:26 . 2011-02-09 12:26 26712 ----a-w- c:\windows\system32\drivers\johci.sys
2011-02-02 16:11 . 2010-06-09 02:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-31 14:04 . 2011-01-31 14:04 174168 ----a-w- c:\windows\system32\drivers\jmcr.sys
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2009-08-18 00:31 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-07-13 21:59 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2009-08-18 00:20 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2009-08-18 00:05 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-11-18 19:27 . 2010-11-18 19:27 162816 ----a-w- c:\program files (x86)\7z.sfx
2010-11-18 19:27 . 2010-11-18 19:27 152064 ----a-w- c:\program files (x86)\7zCon.sfx
2010-11-18 19:24 . 2010-11-18 19:24 1422336 ----a-w- c:\program files (x86)\7z.dll
2010-11-18 19:11 . 2010-11-18 19:11 387072 ----a-w- c:\program files (x86)\7zG.exe
2010-11-18 19:10 . 2010-11-18 19:10 740352 ----a-w- c:\program files (x86)\7zFM.exe
2010-11-18 19:08 . 2010-11-18 19:08 86016 ----a-w- c:\program files (x86)\7-zip.dll
2010-11-18 19:08 . 2010-11-18 19:08 284160 ----a-w- c:\program files (x86)\7z.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-01_10.50.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 02:37 . 2011-04-01 21:05 33550 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-02 11:31 50954 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-07 06:11 . 2011-04-02 11:31 11448 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-871688123-1330305446-1716116605-1001_UserData.bin
+ 2011-03-06 21:23 . 2011-04-01 11:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-06 21:23 . 2011-03-31 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-06 21:23 . 2011-04-01 11:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-06 21:23 . 2011-03-31 12:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-01 11:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-07 06:10 . 2011-04-01 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 06:10 . 2011-04-02 11:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 06:10 . 2011-04-01 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:10 . 2011-04-02 11:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 11:29 . 2011-04-02 11:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-01 10:01 . 2011-04-01 10:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-02 11:29 . 2011-04-02 11:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-01 10:01 . 2011-04-01 10:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 17:52 . 2011-04-02 10:49 260040 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-04-02 11:28 629000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-01 10:00 629000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-08 11:14 . 2011-04-02 11:28 1916640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-07 136176]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 71125392;71125392 Boot Guard Driver;c:\windows\system32\DRIVERS\71125392.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 71125391;71125391;c:\windows\system32\DRIVERS\71125391.sys [x]
S1 setup_9.0.0.722_28.03.2011_04-16drv;setup_9.0.0.722_28.03.2011_04-16drv;c:\windows\system32\DRIVERS\7112539.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-07 1926448]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871688123-1330305446-1716116605-1001Core.job
- c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 12:20]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871688123-1330305446-1716116605-1001UA.job
- c:\users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 12:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
Completion time: 2011-04-02 14:44:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-02 11:44
ComboFix2.txt 2011-04-01 11:02
.
Pre-Run: 116 244 627 456 bytes free
Post-Run: 116 197 937 152 bytes free
.
- - End Of File - - 1D77015145FE47E3F1D530E99ACFA876

0

Looks ok, but I need you to get those files scanned as soon as possible.

How is the computer at the moment?

=============

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

Well apart from the obvious major faults I can access the Internet and read your forum, which is good.

I downloaded OTL.exe but I get this error message:

Application Error
Exception EOleSysError in module OTL.exe at 000571A5.
Class not registered.

0

Hey crunchie!

Mm I get the following error when running lichtinsdunkel.exe:

Application Error
Exception EOleSysError in module lichtinsdunkel.exe at 000571A5.
Class not registered

:(

0

Do you have your Operating System CD? If so, try the following:

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

0

Hey mate,

Sorry I haven't replied in a while. I couldn't access my laptop for some time, but now I'm back online.

I tried to copy these files to my flashdrive and external hdd but the system says that these files do not exist. I'm talking about these files.

c:\windows\system32\drivers\71125392.sys
c:\windows\system32\drivers\7112539.sys
c:\windows\system32\drivers\71125391.sys

I also tried this:
"Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested."

I enter the command, a window pops up and disappears. It only flashes.

//EDIT
I opened the command prompt and inserted the command there and this is the result I got:
Windows Resource Protection could not start the repair service.

Edited by Wman21: n/a

0

if all antimalware fail to resolve the issue the only thing you can do is have a fresh install back up your important data, after you finish reinstall the windows install a license antivirus before you transfer the data back, after you transfer all scan all the data you have... hope it works....

0

ok three month old thread. first post. I registered just to point that I got the same problem... two days trying to solve, tried unhackme, sfc offline in another W7 machine, virus scans... nothing can help it. about to format as last ticket out (and long one).
Maybe the OP got an answer since didnt keep up with the issue? Thanks.

0

ok three month old thread. first post. I registered just to point that I got the same problem... two days trying to solve, tried unhackme, sfc offline in another W7 machine, virus scans... nothing can help it. about to format as last ticket out (and long one).
Maybe the OP got an answer since didnt keep up with the issue? Thanks.

Hi and welcome to the Daniweb forums :).

==========

Try reading the sticky at the top of the forum :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.