

[RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


53 replies to this topic

#1 nemises1236

    Member

  • 27 posts
  • Joined: April 01, 2011
  • 1 topics
  • Age: 26
  • Skin: IP.Board
  • Local time: 09:39 AM
  • Zodiac:Pisces
  • Gender:Male
  • Location:Rochester, Michigan, USA
  • OS:Windows 7
  • Country:
Offline
  • :

Posted 01 April 2011 - 11:34 AM

Hey guys! Started an account just so I can resolve this issue that I'm having. Almost every time my computer accesses the internet I get a blue screen of death with a tcpip.sys error written on it. I've got a few minidump files that I'll be attaching in a zip file, 3 total files. Any help would be greatly appreciated! I've already tried to uninstall the driver on the integrated LAN controller... didn't help. Not sure what to do at this point, so anything would help!




#2 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD

    Malware Annihilator

  • 24,879 posts
  • Joined: October 04, 2004
  • 1,859 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:39 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 01 April 2011 - 03:07 PM

Welcome aboard

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

#3 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 01 April 2011 - 07:14 PM

Again, thanks a lot for your time and effort, it is GREATLY appreciated!


==================================================
Dump File : 040111-15428-01.dmp
Crash Time : 4/1/2011 2:24:48 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`018b6a14
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+49a14
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\040111-15428-01.dmp
Processors Count : 6
Major Version : 15
Minor Version : 7601
Dump File Size : 276,152
==================================================

==================================================
Dump File : 040111-17128-01.dmp
Crash Time : 4/1/2011 12:35:10 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`01af0a14
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+49a14
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\040111-17128-01.dmp
Processors Count : 6
Major Version : 15
Minor Version : 7601
Dump File Size : 276,152
==================================================

==================================================
Dump File : 032411-17113-01.dmp
Crash Time : 3/24/2011 10:06:30 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`28522368
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`0215b0f7
Parameter 4 : 00000000`00000002
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+80640
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\032411-17113-01.dmp
Processors Count : 6
Major Version : 15
Minor Version : 7601
Dump File Size : 276,264
==================================================
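Added here as an illustration (not part of the thread or of BlueScreenView): a small Python parser for the report above that decodes the 0xD1 parameters as Microsoft documents them for DRIVER_IRQL_NOT_LESS_OR_EQUAL and groups the dumps by faulting module and offset. The function names are this example's own; the record fields are copied from the post, trimmed to the ones used.

```python
import re
from collections import defaultdict

# Fields copied from the three BlueScreenView records in the post above
# (fields this example does not use are trimmed).
REPORT = r"""
==================================================
Dump File : 040111-15428-01.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`018b6a14
Caused By Address : tcpip.sys+49a14
==================================================

==================================================
Dump File : 040111-17128-01.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`01af0a14
Caused By Address : tcpip.sys+49a14
==================================================

==================================================
Dump File : 032411-17113-01.dmp
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`28522368
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`0215b0f7
Parameter 4 : 00000000`00000002
Caused By Address : ntoskrnl.exe+80640
==================================================
"""

FIELD = re.compile(r"^(.*?)\s+:\s*(.*)$")  # "Key : value"; the value may be empty
ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}  # 0xD1 parameter 3


def parse_records(text):
    """Split the report on its ===== rulers into one dict per dump."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records


def to_int(value):
    """BlueScreenView prints 64-bit values as hi`lo; drop the separator."""
    return int(value.replace("`", ""), 16)


def fault_site(rec):
    """Return (module, offset) from a 'module+hexoffset' Caused By Address."""
    module, _, offset = rec["Caused By Address"].partition("+")
    return module, int(offset, 16)


def decode_d1(rec):
    """Decode the four parameters of bug check 0xD1."""
    if to_int(rec["Bug Check Code"]) != 0xD1:
        raise ValueError("not a DRIVER_IRQL_NOT_LESS_OR_EQUAL record")
    module, offset = fault_site(rec)
    ip = to_int(rec["Parameter 4"])        # address of the faulting instruction
    base = ip - offset
    if base & 0xFFF:                       # images are mapped page-aligned; otherwise
        base = None                        # parameter 4 is not inside `module`
    return {
        "referenced": to_int(rec["Parameter 1"]),   # memory that was touched
        "irql": to_int(rec["Parameter 2"]),         # IRQL at the time
        "access": ACCESS.get(to_int(rec["Parameter 3"]), "unknown"),
        "faulting_ip": ip,
        "module": module,
        "module_base": base,
    }


def group_by_site(records):
    """Map (module, offset) to the dump files that crashed there."""
    sites = defaultdict(list)
    for rec in records:
        sites[fault_site(rec)].append(rec["Dump File"])
    return dict(sites)
```

Both 0xD1 dumps decode to a read of address 0x8 at IRQL 2 from the same offset in tcpip.sys; only the load base of the driver differs between the two boots.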

#4 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 01 April 2011 - 09:27 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    tcpip.sys
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 02:34 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 22:34 on 01/04/2011 by Paradox
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1924480 bytes [04:58 12/03/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys --a---- 1898576 bytes [23:25 13/07/2009] [01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys --a---- 1896832 bytes [02:50 11/03/2011] [06:37 14/06/2010] 90A2D722CF64D911879D6C4A4F802A4D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys --a---- 1889152 bytes [02:50 11/03/2011] [06:39 14/06/2010] 542C6767C68C9D6AAACA59436B0D15C2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys --a---- 1924480 bytes [04:58 12/03/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D

-= EOF =-

#6 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 02:48 AM

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Windows\System32\drivers\tcpip.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

#7 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 02:56 AM

Antivirus Version Last update Result
AhnLab-V3 2011.04.02.00 2011.04.01 -
AntiVir 7.11.5.168 2011.04.01 -
Antiy-AVL 2.0.3.7 2011.04.01 -
Avast 4.8.1351.0 2011.04.01 -
Avast5 5.0.677.0 2011.04.01 -
AVG 10.0.0.1190 2011.04.01 -
BitDefender 7.2 2011.04.02 -
CAT-QuickHeal 11.00 2011.04.01 -
ClamAV 0.97.0.0 2011.04.01 -
Commtouch None None.. -
Comodo 8189 2011.04.02 -
DrWeb 5.0.2.03300 2011.04.02 -
eSafe None None.. -
eTrust-Vet 36.1.8248 2011.04.01 -
F-Prot 4.6.2.117 2011.04.02 -
F-Secure 9.0.16440.0 2011.04.02 -
Fortinet 4.2.254.0 2011.04.02 -
GData 22 2011.04.02 -
Ikarus T3.1.1.103.0 2011.04.02 -
Jiangmin None None.. -
K7AntiVirus 9.96.4276 2011.04.01 -
McAfee 5.400.0.1158 2011.04.02 -
McAfee-GW-Edition 2010.1C 2011.04.01 -
Microsoft 1.6702 2011.04.01 -
NOD32 6008 2011.04.02 -
Norman 6.07.03 2011.04.01 -
Panda 10.0.3.5 2011.04.01 -
PCTools None None.. -
Prevx 3.0 2011.04.02 -
Rising 23.51.04.06 2011.04.01 -
Sophos 4.64.0 2011.04.02 -
SUPERAntiSpyware 4.40.0.1006 2011.04.02 -
Symantec 20101.3.2.89 2011.04.02 -
TheHacker 6.7.0.1.164 2011.04.01 -
TrendMicro None None.. -
TrendMicro-HouseCall 9.200.0.1012 2011.04.02 -
VBA32 3.12.14.3 2011.04.01 -
VIPRE 8893 2011.04.02 -
ViRobot 2011.4.1.4388 2011.04.01 -
VirusBuster 13.6.282.0 2011.04.01 -

MD5: 13b9ada4397762d0d9b0bcee1fff31c4
SHA1: f9315a726e87bdc361172b700a7523773b232327
SHA256: 0ee256262154b1a74e546b878f4dc7c9b08d64d0fb905fd0bbc9396824a665d0
File size: 44032 bytes
Scan date: 2011-04-02 02:54:12 (UTC)

I left the window open if this isn't all the data, but I think it's all of it!

#8 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 02:59 AM

You did fine.
Let's try to replace the file with a different copy.
Maybe, it's corrupted.

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys C:\Windows\System32\drivers\tcpip.sys


  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\


#9 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 02:59 AM

This might be easier to read for you...
"Antivirus", "Version", "Last update", "Result"
"AhnLab-V3", "2011.04.02.00", "2011.04.01", "-"
"AntiVir", "7.11.5.168", "2011.04.01", "-"
"Antiy-AVL", "2.0.3.7", "2011.04.01", "-"
"Avast", "4.8.1351.0", "2011.04.01", "-"
"Avast5", "5.0.677.0", "2011.04.01", "-"
"AVG", "10.0.0.1190", "2011.04.01", "-"
"BitDefender", "7.2", "2011.04.02", "-"
"CAT-QuickHeal", "11.00", "2011.04.01", "-"
"ClamAV", "0.97.0.0", "2011.04.01", "-"
"Commtouch", "None", "None..", "-"
"Comodo", "8189", "2011.04.02", "-"
"DrWeb", "5.0.2.03300", "2011.04.02", "-"
"eSafe", "None", "None..", "-"
"eTrust-Vet", "36.1.8248", "2011.04.01", "-"
"F-Prot", "4.6.2.117", "2011.04.02", "-"
"F-Secure", "9.0.16440.0", "2011.04.02", "-"
"Fortinet", "4.2.254.0", "2011.04.02", "-"
"GData", "22", "2011.04.02", "-"
"Ikarus", "T3.1.1.103.0", "2011.04.02", "-"
"Jiangmin", "None", "None..", "-"
"K7AntiVirus", "9.96.4276", "2011.04.01", "-"
"McAfee", "5.400.0.1158", "2011.04.02", "-"
"McAfee-GW-Edition", "2010.1C", "2011.04.01", "-"
"Microsoft", "1.6702", "2011.04.01", "-"
"NOD32", "6008", "2011.04.02", "-"
"Norman", "6.07.03", "2011.04.01", "-"
"Panda", "10.0.3.5", "2011.04.01", "-"
"PCTools", "None", "None..", "-"
"Prevx", "3.0", "2011.04.02", "-"
"Rising", "23.51.04.06", "2011.04.01", "-"
"Sophos", "4.64.0", "2011.04.02", "-"
"SUPERAntiSpyware", "4.40.0.1006", "2011.04.02", "-"
"Symantec", "20101.3.2.89", "2011.04.02", "-"
"TheHacker", "6.7.0.1.164", "2011.04.01", "-"
"TrendMicro", "None", "None..", "-"
"TrendMicro-HouseCall", "9.200.0.1012", "2011.04.02", "-"
"VBA32", "3.12.14.3", "2011.04.01", "-"
"VIPRE", "8893", "2011.04.02", "-"
"ViRobot", "2011.4.1.4388", "2011.04.01", "-"
"VirusBuster", "13.6.282.0", "2011.04.01", "-"
"MD5", "13b9ada4397762d0d9b0bcee1fff31c4"
"SHA1", "f9315a726e87bdc361172b700a7523773b232327"
"SHA256", "0ee256262154b1a74e546b878f4dc7c9b08d64d0fb905fd0bbc9396824a665d0"
"File size", "44032 bytes"
"Scan date", "2011-04-02 02:54:12 (UTC)"
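Added here as an illustration (not part of the thread, SystemLook or VirusTotal): a Python check that the file a scan report describes is the file under investigation, by comparing the MD5 and size in the VirusTotal summary with the entry the SystemLook log gives for C:\Windows\System32\drivers\tcpip.sys. The function names are this example's own; the sample text is copied from the SystemLook log and the VirusTotal summary posted above.

```python
import re

# Copied from the SystemLook ":filefind tcpip.sys" log posted in the thread.
SYSTEMLOOK_LOG = r"""
Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1924480 bytes [04:58 12/03/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys --a---- 1898576 bytes [23:25 13/07/2009] [01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys --a---- 1896832 bytes [02:50 11/03/2011] [06:37 14/06/2010] 90A2D722CF64D911879D6C4A4F802A4D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys --a---- 1889152 bytes [02:50 11/03/2011] [06:39 14/06/2010] 542C6767C68C9D6AAACA59436B0D15C2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys --a---- 1924480 bytes [04:58 12/03/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
"""

# Copied from the VirusTotal summary posted in the thread.
VT_REPORT = """
MD5: 13b9ada4397762d0d9b0bcee1fff31c4
File size: 44032 bytes
Scan date: 2011-04-02 02:54:12 (UTC)
"""

TARGET = r"C:\Windows\System32\drivers\tcpip.sys"

# path, 7-character attribute string, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+(?P<attr>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_systemlook(log):
    """Return {lowercased path: (size, lowercased md5)} for every filefind hit."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["path"].lower()] = (int(m["size"]), m["md5"].lower())
    return entries


def parse_vt(report):
    """Return (size, lowercased md5) from 'Key: value' summary lines."""
    fields = {}
    for line in report.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return int(fields["file size"].split()[0]), fields["md5"].lower()


def compare_scan(log, report, target):
    """Check the scanned file against the target and every other listed copy."""
    entries = parse_systemlook(log)
    target = target.lower()          # Windows paths are case-insensitive
    on_disk = entries[target]
    scanned = parse_vt(report)
    return {
        # True only if size and MD5 of the scanned file equal the target's
        "scanned_is_target": scanned == on_disk,
        # any listed copy the scanned file is identical to
        "scanned_matches": sorted(p for p, e in entries.items() if e == scanned),
        # other listed copies identical to the target (e.g. its WinSxS source)
        "identical_copies": sorted(
            p for p, e in entries.items() if e == on_disk and p != target
        ),
    }
```

On the values posted in this thread, the VirusTotal MD5 and size match none of the five tcpip.sys copies SystemLook listed, while the System32 copy is identical by MD5 and size to the 6.1.7601.17514 WinSxS copy.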

#10 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:01 AM

You did fine.
Proceed with my previous reply.

#11 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:06 AM

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys", destinationFile = "\??\c:\windows\system32\drivers\tcpip.sys"
GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c0000022

#12 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:09 AM

Hmmm....It didn't work.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeek...ware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#13 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:15 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6242

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

4/1/2011 11:14:26 PM
mbam-log-2011-04-01 (23-14-26).txt

Scan type: Quick scan
Objects scanned: 174333
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----restarting computer now be back soon!

#14 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:18 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#15 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:38 AM

I assume also that it's alright for me to enable antivirus now.

ComboFix 11-04-01.01 - Paradox 04/01/2011 23:31:42.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6324 [GMT -4:00]
Running from: c:\users\Paradox\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\AutoRun.ini
c:\windows\XSxS
.
----- BITS: Possible infected sites -----
.
hxxp://ddnidownloads2.net
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 03:34 . 2011-04-02 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 03:12 . 2011-04-02 03:12 -------- d-----w- c:\programdata\Malwarebytes
2011-04-02 03:12 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 03:12 . 2011-04-02 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-02 03:12 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 18:53 . 2011-03-31 18:53 -------- d-----w- c:\program files (x86)\Diamond One Touch Video Capture Software
2011-03-31 18:51 . 2011-03-31 18:51 -------- d-----w- c:\program files (x86)\Mydrv
2011-03-31 18:51 . 2007-06-08 04:06 276480 ----a-w- c:\windows\system32\drivers\dmdcap.sys
2011-03-31 18:50 . 2011-03-31 18:50 -------- d-----w- c:\program files (x86)\Diamond VC500 WinXPVista7 Installation
2011-03-31 04:09 . 2011-03-31 04:09 -------- d-----w- c:\programdata\InstallShield
2011-03-31 04:09 . 2011-03-31 04:09 -------- d-----w- c:\program files (x86)\Windows Media Components
2011-03-31 04:09 . 2011-03-31 04:51 -------- d-----w- c:\programdata\Ulead Systems
2011-03-31 04:09 . 2011-03-31 04:09 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-03-31 04:09 . 2011-03-31 04:09 -------- d-----w- c:\program files (x86)\Ulead Systems
2011-03-31 04:03 . 2011-03-31 18:54 -------- d-----w- c:\program files (x86)\One Touch Video Capture
2011-03-27 02:21 . 2011-03-27 02:21 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-03-26 23:45 . 2011-03-26 23:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-03-26 23:45 . 2011-03-26 23:45 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-03-25 23:16 . 2011-03-25 23:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-24 22:19 . 2011-03-24 22:19 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2011-03-24 18:28 . 2011-03-24 18:28 -------- d-----w- c:\programdata\ATI
2011-03-24 18:27 . 2011-03-24 18:27 -------- d-----w- c:\programdata\AMD
2011-03-24 18:25 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-03-24 18:25 . 2011-03-24 18:25 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-03-24 17:18 . 2011-03-24 17:18 -------- d-----w- c:\programdata\DDD
2011-03-24 17:18 . 2011-03-24 17:19 -------- d-----w- c:\program files (x86)\TriDef 3D
2011-03-23 18:46 . 2011-03-23 18:47 -------- d-----w- c:\program files (x86)\CyberLink
2011-03-22 16:36 . 2011-03-22 16:36 -------- d-----w- c:\program files (x86)\Windows Sidebar
2011-03-22 16:36 . 2011-03-04 21:32 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-22 16:36 . 2011-03-04 21:28 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-03-22 16:36 . 2011-03-04 21:28 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-03-22 16:36 . 2011-03-04 21:28 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-22 16:36 . 2011-03-04 21:28 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-03-22 16:36 . 2011-03-22 16:36 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-03-22 16:35 . 2011-03-22 16:36 -------- d-----w- c:\programdata\TuneUp Software
2011-03-22 16:35 . 2011-03-22 16:35 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-21 18:54 . 2007-09-07 21:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2011-03-21 18:54 . 2007-03-28 22:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
2011-03-21 18:54 . 2006-12-19 22:31 110592 ----a-w- c:\windows\SysWow64\EEBDSCVR.dll
2011-03-21 18:54 . 2006-12-19 22:20 77824 ----a-w- c:\windows\SysWow64\EBAPI.dll
2011-03-21 18:54 . 2003-12-17 05:01 55808 ----a-w- c:\windows\SysWow64\EEBSDKIF.dll
2011-03-21 18:53 . 2011-03-21 18:53 -------- d-----w- c:\program files (x86)\EpsonNet
2011-03-21 18:53 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\ensppui.dll
2011-03-21 18:53 . 2010-09-13 19:01 538112 ----a-w- c:\windows\system32\enppui.dll
2011-03-21 18:53 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\ensppmon.dll
2011-03-21 18:53 . 2010-09-13 19:00 558592 ----a-w- c:\windows\system32\enppmon.dll
2011-03-21 18:53 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enspres.dll
2011-03-21 18:53 . 2008-06-18 15:49 250880 ----a-w- c:\windows\system32\enpres.dll
2011-03-21 18:52 . 2011-03-21 18:52 -------- d-----w- c:\program files (x86)\Epson Software
2011-03-21 18:51 . 2009-05-01 04:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-03-21 18:51 . 2009-05-01 04:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-03-21 18:51 . 2008-11-17 04:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
2011-03-21 02:44 . 2011-02-17 21:21 228272 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-03-21 02:44 . 2011-02-17 21:21 56688 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-03-21 02:38 . 2011-03-21 02:38 -------- d-----w- c:\program files (x86)\Project64 1.6
2011-03-19 19:25 . 2011-03-19 19:25 -------- d-----w- c:\program files (x86)\Cisco
2011-03-19 19:25 . 2009-03-31 18:31 380928 ----a-w- c:\windows\RtlUI2.exe
2011-03-19 19:25 . 2011-03-19 19:25 -------- d-----w- c:\program files (x86)\Airlink101
2011-03-19 19:25 . 2009-04-02 14:27 188416 ----a-w- c:\windows\SysWow64\RTLExtUI.dll
2011-03-19 19:25 . 2009-02-05 06:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2011-03-19 19:25 . 2008-07-01 16:31 614400 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2011-03-19 00:26 . 2011-03-19 01:55 -------- d-----w- c:\program files (x86)\Google
2011-03-18 03:16 . 2011-03-18 03:16 -------- d-----w- c:\program files (x86)\DVDFab 8
2011-03-18 01:09 . 2011-03-18 01:09 -------- d-----w- c:\programdata\SlySoft
2011-03-18 01:09 . 2011-03-18 19:23 -------- d-----w- c:\program files (x86)\SlySoft
2011-03-18 00:36 . 2011-03-18 00:36 -------- d-----w- c:\program files (x86)\Handbrake
2011-03-17 21:41 . 2011-03-23 18:47 -------- d-----w- c:\programdata\CyberLink
2011-03-17 21:40 . 2011-03-17 21:40 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2011-03-17 21:40 . 2011-03-23 18:45 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-03-17 21:40 . 2011-03-23 18:45 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-03-17 21:40 . 2011-03-23 18:45 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-03-17 20:20 . 2011-03-17 20:20 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2011-03-17 05:02 . 2011-03-17 05:03 -------- d-----w- c:\windows\SysWow64\PolarClock3 dir
2011-03-17 05:02 . 2011-03-17 05:02 201728 ----a-w- c:\windows\SysWow64\PolarClock3.scr
2011-03-17 04:30 . 2011-01-19 21:47 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2011-03-17 04:30 . 2011-03-17 04:30 -------- d-----w- c:\program files\CPUID
2011-03-17 04:14 . 2011-03-17 04:14 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-03-17 04:14 . 2011-03-17 04:14 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-17 04:14 . 2011-03-17 04:14 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-03-17 04:14 . 2011-03-17 04:14 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-03-17 04:13 . 2011-03-17 04:13 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-03-17 04:13 . 2011-03-17 04:13 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-03-17 04:13 . 2011-03-27 02:21 -------- d-----w- c:\programdata\Microsoft Help
2011-03-15 18:51 . 2011-04-01 03:12 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-03-15 16:39 . 2011-03-15 16:39 -------- d-----w- c:\programdata\Codemasters
2011-03-15 16:38 . 2011-03-27 02:21 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-15 16:38 . 2011-03-15 16:38 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-15 16:34 . 2010-07-28 23:10 1380352 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-03-15 16:34 . 2010-03-02 00:51 17686528 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-03-15 16:34 . 2011-03-15 16:34 -------- d-----w- c:\program files (x86)\BRS
2011-03-15 16:33 . 2011-03-15 16:33 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-15 16:33 . 2011-03-15 16:33 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-03-15 16:33 . 2011-03-15 16:33 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-15 16:33 . 2011-03-15 16:33 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-03-15 16:33 . 2011-03-15 16:33 -------- d-----w- c:\program files (x86)\OpenAL
2011-03-15 16:33 . 2010-08-18 15:10 809560 ----a-r- c:\windows\SysWow64\tmpCE83.tmp
2011-03-15 12:14 . 2011-03-15 12:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-15 12:12 . 2011-03-15 12:12 -------- d-----w- c:\programdata\McAfee
2011-03-15 04:56 . 2011-03-15 04:56 -------- d-----w- c:\windows\SysWow64\config\systemprofile\fontconfig
2011-03-15 04:51 . 2011-03-15 04:51 -------- d-----w- c:\program files (x86)\Xenocode
2011-03-15 04:49 . 2011-03-15 04:49 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-03-15 04:48 . 2011-03-15 04:48 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll
2011-03-15 04:48 . 2011-03-15 04:48 -------- d-----w- c:\program files (x86)\Code Laboratories
2011-03-15 04:31 . 2011-03-20 23:42 -------- d-----w- c:\program files (x86)\PS3 Media Server
2011-03-15 04:27 . 2010-12-06 16:00 164008 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-15 04:27 . 2011-03-15 04:27 -------- d-----w- c:\program files\Intel
2011-03-14 13:41 . 2009-09-04 21:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-14 13:40 . 2009-09-04 21:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-13 23:03 . 2011-03-22 19:28 -------- d-----w- c:\program files (x86)\Stereoscopic Player
2011-03-12 22:11 . 2011-03-12 22:11 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-12 22:00 . 2011-03-12 22:00 -------- d-----w- c:\windows\PCHEALTH
2011-03-12 19:57 . 2011-03-12 19:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-03-12 19:56 . 2011-03-12 19:56 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-03-12 06:49 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-03-12 06:49 . 2011-03-12 06:49 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-03-12 06:49 . 2011-03-12 06:51 -------- d-----w- c:\program files (x86)\Winamp
2011-03-12 05:51 . 2011-03-12 05:51 -------- d-----w- c:\programdata\MagicSoftware
2011-03-12 05:48 . 2011-03-12 05:48 -------- d-----w- c:\program files\Airytec
2011-03-12 04:59 . 2011-03-12 04:59 -------- d-----w- c:\windows\system32\SPReview
2011-03-12 04:59 . 2011-03-12 04:59 -------- d-----w- c:\windows\system32\EventProviders
2011-03-12 04:59 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-12 04:59 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-12 04:57 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-12 04:57 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-12 04:57 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 03:06 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-01 03:06 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 05:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-12 05:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-17 21:21 . 2011-02-17 21:21 156080 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-02-17 21:21 . 2011-02-17 21:21 320816 ------w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-27 04:37 . 2011-01-27 04:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-27 04:22 . 2011-01-27 04:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-27 04:00 . 2011-01-27 04:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-27 04:00 . 2011-01-27 04:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-27 03:59 . 2011-01-27 03:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-27 03:59 . 2011-01-27 03:59 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-27 03:56 . 2011-01-27 03:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-27 03:56 . 2011-01-27 03:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-27 03:55 . 2011-01-27 03:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-27 03:54 . 2011-01-27 03:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-27 03:54 . 2011-01-27 03:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-27 03:53 . 2011-01-27 03:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-27 03:53 . 2011-01-27 03:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-27 03:53 . 2011-01-27 03:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-27 03:53 . 2011-01-27 03:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-27 03:53 . 2011-01-27 03:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-27 03:49 . 2011-01-27 03:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-27 03:40 . 2011-01-27 03:40 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-27 03:32 . 2011-01-27 03:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-27 03:32 . 2011-01-27 03:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-27 03:32 . 2011-01-27 03:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-27 03:28 . 2011-01-27 03:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-27 03:27 . 2011-01-27 03:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-27 03:27 . 2011-01-27 03:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-27 03:27 . 2011-01-27 03:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-27 03:27 . 2011-01-27 03:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-27 03:27 . 2011-01-27 03:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-27 03:25 . 2011-01-27 03:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-27 03:24 . 2011-01-27 03:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-27 03:22 . 2011-01-27 03:22 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-27 03:20 . 2011-01-27 03:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-27 03:14 . 2011-01-27 03:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-27 03:14 . 2011-01-27 03:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-27 03:13 . 2011-01-27 03:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-27 03:13 . 2011-01-27 03:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-27 03:13 . 2011-01-27 03:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-27 03:13 . 2011-01-27 03:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-27 03:13 . 2011-01-27 03:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-27 03:13 . 2011-01-27 03:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-27 03:12 . 2011-01-27 03:12 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-27 03:12 . 2011-01-27 03:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-27 03:12 . 2011-01-27 03:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-27 03:12 . 2011-01-27 03:12 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-27 03:11 . 2011-01-27 03:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-27 03:08 . 2011-01-27 03:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-27 03:08 . 2011-01-27 03:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-27 03:08 . 2011-01-27 03:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-27 03:08 . 2011-01-27 03:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-01-12 02:04 . 2011-01-12 02:04 225280 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 01:56 . 2011-01-12 01:56 845944 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 01:56 . 2011-01-12 01:56 836216 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 01:24 . 2011-01-12 01:24 217208 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 01:01 . 2011-01-12 01:01 2518136 ----a-w- c:\windows\system32\ncscolib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"HP KEYBOARDg"="c:\program files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-23 701592]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-11 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"BCSSync"="e:\applications\office\Office14\BCSSync.exe" /DelayServices
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-05-21 52352]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\applications\office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2010-01-12 217088]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-05-21 136616]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1205000.07D\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-03-10 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1205000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1205000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/23 14:47];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 13:11 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-01-05 46592]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [2010-04-16 36864]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-04 2026304]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cmudaxp;Claro halo Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-11 132656]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-11 16:28]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 00:26]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 00:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Paradox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-10-08 8761344]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=10626&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - e:\applic~1\office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\applic~1\office\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Paradox\AppData\Roaming\Mozilla\Firefox\Profiles\w2tqz43i.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-927836656-1060943742-265711569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31E5A497-03ED-58D5-C9A4-9A93E2A128BC}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-927836656-1060943742-265711569-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,d2,e6,da,64,5b,fe,fa,36,a7,47,2b,7e,85,1d,58,1a,40,8e,b5,c1,
2e,d8,a4,c3,02,29,0e,2c,8f,1c,99,da,aa,67,7c,91,7d,0d,8b,5b,ce,6a,a4,cd,e3,\
"rkeysecu"=hex:33,be,fa,21,cd,53,4e,25,f8,69,90,1c,22,ff,cb,b0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 23:36:16
ComboFix-quarantined-files.txt 2011-04-02 03:36
.
Pre-Run: 27,375,128,576 bytes free
Post-Run: 27,129,004,032 bytes free
.
- - End Of File - - 32F47311BF889D568CEA069C033CA1E3

#16 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:44 AM

Quote

i assume also that it's alright for me to enable antivirus now
Yes.
Let me take a look at Combofix log.

#17 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:47 AM

Combofix log looks fine now.
Can you check on the issue?
If it's still there, we'll try to replace the tcpip.sys file using Combofix.

#18 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:52 AM

yeah gimmie a few secs, it seems to always happen when transferring files over LAN

#19 Broni Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:54 AM

OK.

#20 nemises1236 Re: [RESOLVED] ASUS Crosshair IV Extreme, e1q62x64.sys and tcpip.sys BSOD


Posted 02 April 2011 - 03:55 AM

Oh yeah instantly went to my fav Blue screen! ;)




