BleepingComputer.com: I need help getting this virus off of my pc

I know it said not to run combofix unless someone asks you to but I work on computers a lot so I took my own risks and did it anyhow. I have my logs if someone is willing to look at them for me.

I don't have any pirated software on my pc or installed.

The virus is the dllhost virus. I have used rkill plus malwarebytes, mse, and synametic virus to try and remove it. It says that it does; however, randomly it keeps coming back. Anyone want to help a young lad?

This post has been edited by Budapest: 10 July 2011 - 05:32 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• Please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
  
• Click the Disable button to disable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:


Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.


• Double-Click on dds.scr and a command window will appear. This is normal.
  
• Shortly after two logs will appear:
  
  • DDS.txt
    
  • Attach.txt
  
  
• A window will open instructing you save & post the logs
  
• Save the logs to a convenient place such as your desktop
  
• Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

• Please Download Rootkit Unhooker Save it to your desktop.
  
• Now double-click on RKUnhookerLE.exe to run it.
  
• Click the Report tab, then click Scan.
  
• Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  
• Wait till the scanner has finished and then click File, Save Report.
  
• Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

In your next post I need the following


• .logs from DDS
  
• log from RKUnHooker
  
• let me know of any problems you may have had

Gringo

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
  
• do you need more time?
  
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Let me have the reports when ready



gringo

Defogger


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:59 on 05/08/2011 (Ken)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


DDS



C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [SmithMicro QLM] "c:\program files\us cellular\quicklink mobile\QLM.exe" -a
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to AMV Convert Tool... - c:\program files\mp3 player utilities 3.81\amvconverter\grab.html
IE: Add to Media Manager... - c:\program files\mp3 player utilities 3.81\mediamanager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: Interfaces\{1CF4CFBF-E8BC-404D-AFBB-DE73EBB1BF4E} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C844533E-8B34-4027-ABCB-5E7B8DC922C6} : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C844533E-8B34-4027-ABCB-5E7B8DC922C6}\353484D294130303436313 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C844533E-8B34-4027-ABCB-5E7B8DC922C6}\353484D294530303F553035313 : DhcpNameServer = 192.168.16.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\apvphhkb.default\
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl4367e974;MpKsl4367e974;c:\programdata\microsoft\microsoft antimalware\definition updates\{ef1dd32c-1614-4feb-b127-a43a3997ce50}\MpKsl4367e974.sys [2011-8-5 28752]
R1 MpKslc700c31d;MpKslc700c31d;c:\programdata\microsoft\microsoft antimalware\definition updates\{ef1dd32c-1614-4feb-b127-a43a3997ce50}\MpKslc700c31d.sys [2011-8-5 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2011-1-26 827616]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-31 105592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-24 167936]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-3-24 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-29 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CASMSI;SMSI Con App Svc;c:\program files\us cellular\quicklink mobile\ConAppsSvc.exe [2008-9-25 124184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2011-5-20 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2011-5-20 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2011-5-20 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2011-5-20 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2011-5-20 113680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-3-24 171008]
S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\us cellular\quicklink mobile\RcAppSvc.exe [2008-9-25 111896]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-29 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-29 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-29 136680]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-26 1343400]
.
=============== Created Last 30 ================
.
2011-08-05 14:02:54 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef1dd32c-1614-4feb-b127-a43a3997ce50}\MpKsl4367e974.sys
2011-08-05 13:54:02 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef1dd32c-1614-4feb-b127-a43a3997ce50}\MpKslc700c31d.sys
2011-08-05 07:01:07 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef1dd32c-1614-4feb-b127-a43a3997ce50}\mpengine.dll
2011-08-05 07:00:39 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-08-03 18:42:18 319488 ----a-w- c:\windows\HideWin.exe
2011-07-18 05:46:42 -------- d-----w- c:\users\ken\appdata\local\uTorrent
2011-07-13 13:47:27 2334208 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-06-22 05:14:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 21:46:10 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-09 01:29:40 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-05-09 01:29:40 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
.





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/24/2011 9:32:10 AM
System Uptime: 8/5/2011 10:01:38 AM (0 hours ago)
.
Motherboard: TOSHIBA | | NBWAA
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | U2E1 | 2194/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 88.179 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 37 GiB total, 0.042 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaef88bcf
Device ID: ROOT\LEGACY_MPKSLAEF88BCF\0000
Manufacturer:
Name: MpKslaef88bcf
PNP Device ID: ROOT\LEGACY_MPKSLAEF88BCF\0000
Service: MpKslaef88bcf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl15cc69d3
Device ID: ROOT\LEGACY_MPKSL15CC69D3\0000
Manufacturer:
Name: MpKsl15cc69d3
PNP Device ID: ROOT\LEGACY_MPKSL15CC69D3\0000
Service: MpKsl15cc69d3
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1e2d5675
Device ID: ROOT\LEGACY_MPKSL1E2D5675\0000
Manufacturer:
Name: MpKsl1e2d5675
PNP Device ID: ROOT\LEGACY_MPKSL1E2D5675\0000
Service: MpKsl1e2d5675
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb56eff62
Device ID: ROOT\LEGACY_MPKSLB56EFF62\0000
Manufacturer:
Name: MpKslb56eff62
PNP Device ID: ROOT\LEGACY_MPKSLB56EFF62\0000
Service: MpKslb56eff62
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl212157ba
Device ID: ROOT\LEGACY_MPKSL212157BA\0000
Manufacturer:
Name: MpKsl212157ba
PNP Device ID: ROOT\LEGACY_MPKSL212157BA\0000
Service: MpKsl212157ba
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb735bd75
Device ID: ROOT\LEGACY_MPKSLB735BD75\0000
Manufacturer:
Name: MpKslb735bd75
PNP Device ID: ROOT\LEGACY_MPKSLB735BD75\0000
Service: MpKslb735bd75
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl671029b6
Device ID: ROOT\LEGACY_MPKSL671029B6\0000
Manufacturer:
Name: MpKsl671029b6
PNP Device ID: ROOT\LEGACY_MPKSL671029B6\0000
Service: MpKsl671029b6
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6966b8d2
Device ID: ROOT\LEGACY_MPKSL6966B8D2\0000
Manufacturer:
Name: MpKsl6966b8d2
PNP Device ID: ROOT\LEGACY_MPKSL6966B8D2\0000
Service: MpKsl6966b8d2
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl70315b3f
Device ID: ROOT\LEGACY_MPKSL70315B3F\0000
Manufacturer:
Name: MpKsl70315b3f
PNP Device ID: ROOT\LEGACY_MPKSL70315B3F\0000
Service: MpKsl70315b3f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl72f1617b
Device ID: ROOT\LEGACY_MPKSL72F1617B\0000
Manufacturer:
Name: MpKsl72f1617b
PNP Device ID: ROOT\LEGACY_MPKSL72F1617B\0000
Service: MpKsl72f1617b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld2b2ecf1
Device ID: ROOT\LEGACY_MPKSLD2B2ECF1\0000
Manufacturer:
Name: MpKsld2b2ecf1
PNP Device ID: ROOT\LEGACY_MPKSLD2B2ECF1\0000
Service: MpKsld2b2ecf1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl78d90904
Device ID: ROOT\LEGACY_MPKSL78D90904\0000
Manufacturer:
Name: MpKsl78d90904
PNP Device ID: ROOT\LEGACY_MPKSL78D90904\0000
Service: MpKsl78d90904
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl463fd9fd
Device ID: ROOT\LEGACY_MPKSL463FD9FD\0000
Manufacturer:
Name: MpKsl463fd9fd
PNP Device ID: ROOT\LEGACY_MPKSL463FD9FD\0000
Service: MpKsl463fd9fd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslded076c9
Device ID: ROOT\LEGACY_MPKSLDED076C9\0000
Manufacturer:
Name: MpKslded076c9
PNP Device ID: ROOT\LEGACY_MPKSLDED076C9\0000
Service: MpKslded076c9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7a5b4da1
Device ID: ROOT\LEGACY_MPKSL7A5B4DA1\0000
Manufacturer:
Name: MpKsl7a5b4da1
PNP Device ID: ROOT\LEGACY_MPKSL7A5B4DA1\0000
Service: MpKsl7a5b4da1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl056de8e9
Device ID: ROOT\LEGACY_MPKSL056DE8E9\0000
Manufacturer:
Name: MpKsl056de8e9
PNP Device ID: ROOT\LEGACY_MPKSL056DE8E9\0000
Service: MpKsl056de8e9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl084c8cf0
Device ID: ROOT\LEGACY_MPKSL084C8CF0\0000
Manufacturer:
Name: MpKsl084c8cf0
PNP Device ID: ROOT\LEGACY_MPKSL084C8CF0\0000
Service: MpKsl084c8cf0
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla031e588
Device ID: ROOT\LEGACY_MPKSLA031E588\0000
Manufacturer:
Name: MpKsla031e588
PNP Device ID: ROOT\LEGACY_MPKSLA031E588\0000
Service: MpKsla031e588
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslfbce869c
Device ID: ROOT\LEGACY_MPKSLFBCE869C\0000
Manufacturer:
Name: MpKslfbce869c
PNP Device ID: ROOT\LEGACY_MPKSLFBCE869C\0000
Service: MpKslfbce869c
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl593dcd16
Device ID: ROOT\LEGACY_MPKSL593DCD16\0000
Manufacturer:
Name: MpKsl593dcd16
PNP Device ID: ROOT\LEGACY_MPKSL593DCD16\0000
Service: MpKsl593dcd16
.
==== System Restore Points ===================
.
RP73: 7/27/2011 12:29:05 PM - Scheduled Checkpoint
RP74: 8/3/2011 5:02:47 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
ASIO4ALL
Audacity 1.3.11 (Unicode)
AuthoringTool 1.0.10A
CCleaner
Cisco NAC Agent
Free Video to MP3 Converter version 4.2.19.324
Grand Theft Auto Vice City
ImTOO 3GP Video Converter
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 14
Junk Mail filter update
Kies mini
Label@Once 1.0
Last.fm 1.5.4.27091
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 4.0.1 (x86 en-US)
MP3 Player Utilities 3.81
MSVCRT
PANTECH UM175 Driver
PlayReady PC Runtime x86
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Skype Launcher
Skype Toolbars
Skype™ 5.1
Symantec Endpoint Protection
Synaptics Pointing Device Driver
The Sims Medieval
The Sims™ 3
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
US Cellular QuickLink Mobile
Utility Common Driver
VLC media player 1.1.8
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.00 (32-bit)
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
8/5/2011 9:55:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/4/2011 7:22:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/3/2011 2:40:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
8/3/2011 12:30:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR6.
8/2/2011 9:53:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
8/2/2011 9:05:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/2/2011 10:34:11 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
8/1/2011 4:26:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR13.
8/1/2011 4:03:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR12.
8/1/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 2:48:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/31/2011 10:04:45 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.5854.0&sig=9.196.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 10:04:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.92.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.92.0&asdelta=1.109.92.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
7/30/2011 1:50:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
7/29/2011 10:05:36 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================

============= FINISH: 10:06:51.96 ===============



Unhooker


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #1
==============================================
>Drivers
==============================================
0x9702D000 C:\windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82E55000 C:\windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82E55000 PnpManager 4268032 bytes
0x82E55000 RAW 4268032 bytes
0x82E55000 WMIxWDM 4268032 bytes
0x9A3A0000 Win32k 2416640 bytes
0x9A3A0000 C:\windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E42F000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110804.021\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x89003000 C:\windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x88C38000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9A832000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x88A11000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x97654000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88E04000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x838E3000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9E356000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9E215000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83803000 C:\windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8398E000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x95C03000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x8D600000 C:\windows\system32\DRIVERS\RTL8187B.sys 417792 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0x95CC8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x88B6F000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x83B7A000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB4084000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x82537000 C:\windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xB4034000 C:\windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9774F000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83B04000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D73A000 C:\windows\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0x83A35000 C:\windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88F1E000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x9A96D000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x824E2000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x838A1000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x95C6D000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8D666000 C:\windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8917E000 C:\windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88EBB000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9E2E8000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9770B000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E1E000 ACPI_HAL 225280 bytes
0x82E1E000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88B2A000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x824A0000 C:\windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x95D97000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88F75000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x88C00000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8914D000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x82587000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x891CA000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88DBC000 C:\windows\System32\Drivers\SYMTDI.SYS 184320 bytes (Symantec Corporation, Network Dispatch Driver)
0x977C8000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x88D67000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83AA6000 C:\windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D713000 C:\windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x88FB8000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88EF9000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8E5AF000 C:\windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x88AF4000 C:\windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E2C5000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82418000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9A9DF000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x95D76000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E40C000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D6F4000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x977A9000 C:\windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x88BCC000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9A230000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x95D26000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x82480000 C:\windows\system32\DRIVERS\teefer2.sys 122880 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0x9A928000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9E323000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9A943000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9E29A000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x825B6000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x95D50000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x97000000 C:\windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x83BE6000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8243A000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x82452000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x82469000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D7C2000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x825D9000 C:\windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x83B4F000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8E5D4000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110804.021\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x88D92000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9A9C3000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x88BEB000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x83BD4000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x95DE1000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9E2B3000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88FA7000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9A90C000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88B5E000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x82526000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83AD0000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83888000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88A00000 C:\windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88FEA000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x9A95D000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88F65000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9A9B3000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x83AF4000 C:\windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9779A000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x95D68000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x88DE9000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D7B4000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83B6C000 C:\windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88DA5000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x824D4000 C:\windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83A27000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D7E5000 C:\windows\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0x95DF3000 C:\windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x82400000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x97018000 C:\windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83A99000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x95DCA000 C:\windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E33E000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D784000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x95D44000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8D7D9000 C:\windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8E400000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83AE9000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9A91D000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8D7A9000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x83A00000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x97744000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83A8E000 C:\windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x825F0000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9E200000 C:\windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x88B17000 C:\windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x95CB8000 C:\windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x95CAE000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9E3ED000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E5E8000 C:\windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x95DD7000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x825CF000 C:\windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x88B21000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x88AEB000 C:\windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB4189000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88DB3000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A200000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x9A9D6000 C:\windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x83A7D000 C:\windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83899000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83AE1000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x891F7000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BD1000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83A86000 C:\windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D791000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D799000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8D7A1000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x891C2000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E5F9000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0xB4182000 C:\Users\Ken\AppData\Local\Temp\mbr.sys 28672 bytes
0x8E5F2000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83B65000 C:\windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D7F3000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0xB410D000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKsl4367e974.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x95CC2000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKslc700c31d.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB4113000 C:\windows\System32\Drivers\SYMREDRV.SYS 20480 bytes (Symantec Corporation, Redirector Filter Driver)
0x891BD000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x977F4000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8249E000 C:\windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x97025000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================



Well it started when I was downloading an equalizer some time in June and my PC just went ballistic. I thought I fixed it but it is like it's hidden however, it is still here. In fact it comes back whenever it wants to. Most of the time when I reboot my PC MSE and Symatec will detect it. I know it is a dllhost virus and it is hiding itself very good as I've usually been able to get any virus off of my pc.

This post has been edited by blueandigo: 05 August 2011 - 09:28 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

ComboFix 11-08-05.01 - Ken 08/05/2011 14:52:22.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.909 [GMT -4:00]
Running from: c:\users\Ken\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 18:58 . 2011-08-05 18:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-05 18:58 . 2011-08-05 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 14:02 . 2011-08-05 14:02 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKsl4367e974.sys
2011-08-05 13:54 . 2011-08-05 13:54 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKslc700c31d.sys
2011-08-05 07:01 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\mpengine.dll
2011-08-05 07:00 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-03 18:42 . 2011-08-03 18:42 319488 ----a-w- c:\windows\HideWin.exe
2011-07-22 23:50 . 2011-07-22 23:50 -------- d-----w- c:\users\Ken\AppData\Roaming\dvdcss
2011-07-18 05:46 . 2011-07-18 05:46 -------- d-----w- c:\users\Ken\AppData\Local\uTorrent
2011-07-13 13:47 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-03-26 04:47 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-22 05:14 . 2011-06-22 05:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 21:46 . 2011-03-27 05:56 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-05-29 13:11 . 2011-06-21 05:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-06-21 05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 02:53 . 2011-06-15 06:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 10:44 . 2011-06-29 04:47 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-20 15:08 . 2011-05-20 15:08 53248 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{F6E01C9A-621F-41A6-89FE-5FA8270B74BC}\ARPPRODUCTICON.exe
2011-05-09 01:29 . 2011-05-09 01:29 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-05-09 01:29 . 2011-05-09 01:29 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-04-30 03:28 . 2011-03-25 00:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-01-27 483552]
"SmithMicro QLM"="c:\program files\US Cellular\QuickLink Mobile\QLM.exe" [2008-11-03 50456]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl056de8e9;MpKsl056de8e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C886FD6-0E8E-4915-8B7B-D372ADF27FDB}\MpKsl056de8e9.sys [x]
R1 MpKsl084c8cf0;MpKsl084c8cf0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2FAC660-5A7B-4304-8AF9-E4FEDB78A66F}\MpKsl084c8cf0.sys [x]
R1 MpKsl15cc69d3;MpKsl15cc69d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2B2CD6D-9675-4D53-93CD-1785503A13E0}\MpKsl15cc69d3.sys [x]
R1 MpKsl1e2d5675;MpKsl1e2d5675;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AD011D3-ABD5-4C1B-BCF7-AB0959729867}\MpKsl1e2d5675.sys [x]
R1 MpKsl212157ba;MpKsl212157ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FAA338B-025A-4694-A502-1E53A410C0A4}\MpKsl212157ba.sys [x]
R1 MpKsl463fd9fd;MpKsl463fd9fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2547E2F2-515C-4259-89CF-42D046F42B12}\MpKsl463fd9fd.sys [x]
R1 MpKsl593dcd16;MpKsl593dcd16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBAA3211-E2CA-4BC4-BF4C-8D68D205F879}\MpKsl593dcd16.sys [x]
R1 MpKsl671029b6;MpKsl671029b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CF04CC2-B7D7-468B-8F47-597F677A54FB}\MpKsl671029b6.sys [x]
R1 MpKsl6966b8d2;MpKsl6966b8d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{124D7E1F-BACD-41E2-AEC0-56E689B00AF6}\MpKsl6966b8d2.sys [x]
R1 MpKsl70315b3f;MpKsl70315b3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7E2DC4B-11E0-4661-8879-BB0D049EEE35}\MpKsl70315b3f.sys [x]
R1 MpKsl72f1617b;MpKsl72f1617b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F33E48B3-D1E9-4C61-8E0D-7465F3DE3A1E}\MpKsl72f1617b.sys [x]
R1 MpKsl78d90904;MpKsl78d90904;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41A3F5F6-18B2-45E7-AD59-313E6D14B255}\MpKsl78d90904.sys [x]
R1 MpKsl7a5b4da1;MpKsl7a5b4da1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9552F359-4222-43E3-B56D-62B011E24EEA}\MpKsl7a5b4da1.sys [x]
R1 MpKsla031e588;MpKsla031e588;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E33E3A-A8CC-476B-93F1-FAA28F674CA2}\MpKsla031e588.sys [x]
R1 MpKslaef88bcf;MpKslaef88bcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9552F359-4222-43E3-B56D-62B011E24EEA}\MpKslaef88bcf.sys [x]
R1 MpKslb56eff62;MpKslb56eff62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBAA3211-E2CA-4BC4-BF4C-8D68D205F879}\MpKslb56eff62.sys [x]
R1 MpKslb735bd75;MpKslb735bd75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9999042-B875-425E-9C1F-3050A67EBF6E}\MpKslb735bd75.sys [x]
R1 MpKsld2b2ecf1;MpKsld2b2ecf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0E9CBBF-713F-4EE9-9892-0A39508CE300}\MpKsld2b2ecf1.sys [x]
R1 MpKslded076c9;MpKslded076c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3A3AC7C-1EA1-48B7-B76E-C24E6D38AC07}\MpKslded076c9.sys [x]
R1 MpKslfbce869c;MpKslfbce869c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B4DACF0-7B3B-4BC4-960B-2133A6DB6E38}\MpKslfbce869c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 CASMSI;SMSI Con App Svc;c:\program files\US Cellular\QuickLink Mobile\ConAppsSvc.exe [2008-09-25 124184]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 113680]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\US Cellular\QuickLink Mobile\RcAppSvc.exe [2008-09-25 111896]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-16 691696]
S1 MpKsl4367e974;MpKsl4367e974;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKsl4367e974.sys [2011-08-05 28752]
S1 MpKslc700c31d;MpKslc700c31d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF1DD32C-1614-4FEB-B127-A43A3997CE50}\MpKslc700c31d.sys [2011-08-05 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2011-01-27 827616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-31 105592]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*NewlyCreated* - MPKSL4367E974
*NewlyCreated* - MPNWMON
*Deregistered* - BlackBox
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.81\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 3.81\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\apvphhkb.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-05 15:01:29
ComboFix-quarantined-files.txt 2011-08-05 19:01
ComboFix2.txt 2011-07-05 14:50
.
Pre-Run: 94,638,374,912 bytes free
Post-Run: 94,666,186,752 bytes free
.
- - End Of File - - A6ADBF1AB90049C5DA7DD30E2C63CCAB

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

2011/08/06 00:46:00.0729 5876 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 00:46:02.0735 5876 ================================================================================
2011/08/06 00:46:02.0735 5876 SystemInfo:
2011/08/06 00:46:02.0735 5876
2011/08/06 00:46:02.0735 5876 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/06 00:46:02.0735 5876 Product type: Workstation
2011/08/06 00:46:02.0735 5876 ComputerName: KEN-PC
2011/08/06 00:46:02.0735 5876 UserName: Ken
2011/08/06 00:46:02.0735 5876 Windows directory: C:\windows
2011/08/06 00:46:02.0735 5876 System windows directory: C:\windows
2011/08/06 00:46:02.0735 5876 Processor architecture: Intel x86
2011/08/06 00:46:02.0735 5876 Number of processors: 1
2011/08/06 00:46:02.0735 5876 Page size: 0x1000
2011/08/06 00:46:02.0735 5876 Boot type: Normal boot
2011/08/06 00:46:02.0735 5876 ================================================================================
2011/08/06 00:46:03.0751 5876 Initialize success
2011/08/06 00:46:12.0181 1868 ================================================================================
2011/08/06 00:46:12.0181 1868 Scan started
2011/08/06 00:46:12.0181 1868 Mode: Manual;
2011/08/06 00:46:12.0181 1868 ================================================================================
2011/08/06 00:46:12.0583 1868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/08/06 00:46:12.0773 1868 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/08/06 00:46:12.0985 1868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/08/06 00:46:13.0145 1868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/08/06 00:46:13.0297 1868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/08/06 00:46:13.0477 1868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/08/06 00:46:13.0669 1868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
2011/08/06 00:46:13.0841 1868 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
2011/08/06 00:46:13.0993 1868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/08/06 00:46:14.0153 1868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/08/06 00:46:14.0353 1868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/08/06 00:46:14.0505 1868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/08/06 00:46:14.0695 1868 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/08/06 00:46:14.0845 1868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/08/06 00:46:14.0987 1868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/08/06 00:46:15.0159 1868 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
2011/08/06 00:46:15.0301 1868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/08/06 00:46:15.0471 1868 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
2011/08/06 00:46:15.0631 1868 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\windows\system32\Drivers\ssadadb.sys
2011/08/06 00:46:15.0821 1868 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/08/06 00:46:15.0991 1868 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/08/06 00:46:16.0143 1868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/08/06 00:46:16.0315 1868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/08/06 00:46:16.0497 1868 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/08/06 00:46:16.0679 1868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/08/06 00:46:16.0829 1868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/08/06 00:46:16.0971 1868 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/08/06 00:46:17.0153 1868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/08/06 00:46:17.0303 1868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2011/08/06 00:46:17.0455 1868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/08/06 00:46:17.0586 1868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/08/06 00:46:17.0737 1868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/08/06 00:46:17.0869 1868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/08/06 00:46:17.0999 1868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/08/06 00:46:18.0119 1868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/08/06 00:46:18.0229 1868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/08/06 00:46:18.0541 1868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/08/06 00:46:18.0713 1868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
2011/08/06 00:46:18.0885 1868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/08/06 00:46:18.0995 1868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/08/06 00:46:19.0185 1868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/08/06 00:46:19.0344 1868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/08/06 00:46:19.0527 1868 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/08/06 00:46:19.0667 1868 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/08/06 00:46:19.0857 1868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/08/06 00:46:20.0024 1868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/08/06 00:46:20.0233 1868 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/08/06 00:46:20.0365 1868 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/08/06 00:46:20.0485 1868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/08/06 00:46:20.0707 1868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/08/06 00:46:20.0857 1868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/08/06 00:46:21.0089 1868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/08/06 00:46:21.0291 1868 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/06 00:46:21.0523 1868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/08/06 00:46:21.0713 1868 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/06 00:46:21.0903 1868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/08/06 00:46:22.0043 1868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/08/06 00:46:22.0173 1868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/08/06 00:46:22.0315 1868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/08/06 00:46:22.0447 1868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/08/06 00:46:22.0579 1868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/08/06 00:46:22.0700 1868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/08/06 00:46:22.0861 1868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/08/06 00:46:23.0003 1868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/08/06 00:46:23.0123 1868 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/08/06 00:46:23.0293 1868 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/08/06 00:46:23.0533 1868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/08/06 00:46:23.0683 1868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/08/06 00:46:23.0835 1868 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/08/06 00:46:23.0987 1868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/08/06 00:46:24.0107 1868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/08/06 00:46:24.0237 1868 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/08/06 00:46:24.0367 1868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/08/06 00:46:24.0689 1868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
2011/08/06 00:46:24.0981 1868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/08/06 00:46:25.0191 1868 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/08/06 00:46:25.0463 1868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/08/06 00:46:25.0663 1868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/08/06 00:46:25.0927 1868 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/08/06 00:46:26.0179 1868 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
2011/08/06 00:46:27.0233 1868 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/08/06 00:46:27.0710 1868 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/08/06 00:46:28.0043 1868 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
2011/08/06 00:46:28.0265 1868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/08/06 00:46:28.0505 1868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/08/06 00:46:28.0687 1868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/08/06 00:46:28.0909 1868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/08/06 00:46:29.0069 1868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/08/06 00:46:29.0541 1868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/08/06 00:46:29.0793 1868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/08/06 00:46:30.0077 1868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/08/06 00:46:30.0269 1868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/08/06 00:46:30.0479 1868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/08/06 00:46:30.0651 1868 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/08/06 00:46:30.0833 1868 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/08/06 00:46:31.0075 1868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/08/06 00:46:31.0247 1868 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/08/06 00:46:31.0459 1868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/08/06 00:46:31.0609 1868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/08/06 00:46:31.0799 1868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/08/06 00:46:32.0019 1868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/08/06 00:46:32.0239 1868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/08/06 00:46:32.0391 1868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/08/06 00:46:32.0601 1868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/08/06 00:46:32.0803 1868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/08/06 00:46:32.0933 1868 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/08/06 00:46:33.0095 1868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
2011/08/06 00:46:33.0267 1868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/08/06 00:46:33.0587 1868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/08/06 00:46:33.0807 1868 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
2011/08/06 00:46:33.0977 1868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/08/06 00:46:35.0491 1868 MpKsl709fe403 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AEF8849-7C6B-41DB-A5A0-0E52185E22D0}\MpKsl709fe403.sys
2011/08/06 00:46:36.0693 1868 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/08/06 00:46:36.0833 1868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/08/06 00:46:36.0975 1868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/08/06 00:46:37.0155 1868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/08/06 00:46:37.0307 1868 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/08/06 00:46:37.0469 1868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/08/06 00:46:37.0721 1868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/08/06 00:46:37.0881 1868 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/08/06 00:46:38.0033 1868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/08/06 00:46:38.0169 1868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/08/06 00:46:38.0306 1868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/08/06 00:46:38.0498 1868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/08/06 00:46:38.0640 1868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/08/06 00:46:38.0820 1868 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/08/06 00:46:38.0942 1868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/08/06 00:46:39.0132 1868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/08/06 00:46:39.0262 1868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/08/06 00:46:39.0454 1868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/08/06 00:46:39.0616 1868 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/08/06 00:46:39.0908 1868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/08/06 00:46:40.0130 1868 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110804.021\NAVENG.SYS
2011/08/06 00:46:40.0360 1868 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110804.021\NAVEX15.SYS
2011/08/06 00:46:40.0522 1868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/08/06 00:46:40.0672 1868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/08/06 00:46:40.0842 1868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/08/06 00:46:40.0985 1868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/08/06 00:46:41.0125 1868 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/08/06 00:46:41.0265 1868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/08/06 00:46:41.0477 1868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/08/06 00:46:41.0617 1868 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/08/06 00:46:41.0841 1868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/08/06 00:46:41.0991 1868 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/06 00:46:42.0181 1868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/08/06 00:46:42.0323 1868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/08/06 00:46:42.0495 1868 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
2011/08/06 00:46:42.0666 1868 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/08/06 00:46:42.0827 1868 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
2011/08/06 00:46:43.0019 1868 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
2011/08/06 00:46:43.0199 1868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/08/06 00:46:43.0393 1868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/08/06 00:46:43.0655 1868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/08/06 00:46:43.0855 1868 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/08/06 00:46:43.0995 1868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/08/06 00:46:44.0177 1868 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/08/06 00:46:44.0347 1868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/08/06 00:46:44.0477 1868 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/08/06 00:46:44.0617 1868 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\windows\system32\PCTINDIS5.SYS
2011/08/06 00:46:44.0869 1868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/08/06 00:46:45.0009 1868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/08/06 00:46:45.0251 1868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/08/06 00:46:45.0493 1868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/08/06 00:46:45.0745 1868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/08/06 00:46:45.0957 1868 PTDUBus (dbaf8a53d7669efb4742896b458181d0) C:\windows\system32\DRIVERS\PTDUBus.sys
2011/08/06 00:46:46.0127 1868 PTDUMdm (fa4e2a5cf478624d3154fb045fb2d076) C:\windows\system32\DRIVERS\PTDUMdm.sys
2011/08/06 00:46:46.0287 1868 PTDUVsp (9c489b38ca13f251289004fe4f8631dd) C:\windows\system32\DRIVERS\PTDUVsp.sys
2011/08/06 00:46:46.0427 1868 PTDUWFLT (37a75ac00d26364a5ea2050a6f85c2d0) C:\windows\system32\DRIVERS\PTDUWFLT.sys
2011/08/06 00:46:46.0569 1868 PTDUWWAN (f4a789a94ff74a47eb321be4465259d0) C:\windows\system32\DRIVERS\PTDUWWAN.sys
2011/08/06 00:46:46.0721 1868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/08/06 00:46:46.0911 1868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/08/06 00:46:47.0203 1868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/08/06 00:46:47.0405 1868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/08/06 00:46:47.0555 1868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/08/06 00:46:47.0767 1868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/08/06 00:46:47.0919 1868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/08/06 00:46:48.0079 1868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/08/06 00:46:48.0211 1868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/08/06 00:46:48.0343 1868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/08/06 00:46:48.0505 1868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/08/06 00:46:48.0657 1868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/08/06 00:46:48.0789 1868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/08/06 00:46:48.0932 1868 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/08/06 00:46:49.0083 1868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/08/06 00:46:49.0335 1868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/08/06 00:46:49.0535 1868 RSUSBSTOR (07f66ca7db9608806ca2ef1970daba58) C:\windows\system32\Drivers\RtsUStor.sys
2011/08/06 00:46:49.0715 1868 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/08/06 00:46:49.0917 1868 RTL8187B (949f74cb383a1d5da67aea9ccd4a8b87) C:\windows\system32\DRIVERS\RTL8187B.sys
2011/08/06 00:46:50.0249 1868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/08/06 00:46:50.0411 1868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/08/06 00:46:50.0563 1868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/08/06 00:46:50.0715 1868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/08/06 00:46:50.0835 1868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/08/06 00:46:50.0977 1868 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/08/06 00:46:51.0149 1868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/08/06 00:46:51.0299 1868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/08/06 00:46:51.0511 1868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/08/06 00:46:51.0683 1868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/08/06 00:46:51.0873 1868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/08/06 00:46:52.0015 1868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/08/06 00:46:52.0147 1868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/08/06 00:46:52.0287 1868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/08/06 00:46:52.0551 1868 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/08/06 00:46:52.0693 1868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/08/06 00:46:52.0885 1868 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\System32\Drivers\sptd.sys
2011/08/06 00:46:53.0045 1868 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\windows\system32\Drivers\SRTSP.SYS
2011/08/06 00:46:53.0197 1868 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\windows\system32\Drivers\SRTSPL.SYS
2011/08/06 00:46:53.0407 1868 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\windows\system32\Drivers\SRTSPX.SYS
2011/08/06 00:46:53.0577 1868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
2011/08/06 00:46:53.0749 1868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
2011/08/06 00:46:53.0939 1868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
2011/08/06 00:46:54.0109 1868 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\windows\system32\DRIVERS\ssadbus.sys
2011/08/06 00:46:54.0289 1868 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\windows\system32\DRIVERS\ssadmdfl.sys
2011/08/06 00:46:54.0461 1868 ssadmdm (9afaa23421622c392b55508fa9613949) C:\windows\system32\DRIVERS\ssadmdm.sys
2011/08/06 00:46:54.0623 1868 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\windows\system32\DRIVERS\sscdbus.sys
2011/08/06 00:46:54.0803 1868 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\windows\system32\DRIVERS\sscdmdfl.sys
2011/08/06 00:46:54.0975 1868 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\windows\system32\DRIVERS\sscdmdm.sys
2011/08/06 00:46:55.0167 1868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/08/06 00:46:55.0329 1868 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/08/06 00:46:55.0551 1868 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\windows\system32\Drivers\SYMEVENT.SYS
2011/08/06 00:46:55.0741 1868 SYMREDRV (394b2368212114d538316812af60fddd) C:\windows\System32\Drivers\SYMREDRV.SYS
2011/08/06 00:46:55.0903 1868 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\windows\System32\Drivers\SYMTDI.SYS
2011/08/06 00:46:56.0065 1868 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/08/06 00:46:56.0217 1868 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\windows\SYSTEM32\Drivers\SysPlant.sys
2011/08/06 00:46:56.0409 1868 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\drivers\tcpip.sys
2011/08/06 00:46:56.0709 1868 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\DRIVERS\tcpip.sys
2011/08/06 00:46:56.0861 1868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/08/06 00:46:57.0053 1868 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/08/06 00:46:57.0163 1868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/08/06 00:46:57.0305 1868 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/08/06 00:46:57.0507 1868 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/08/06 00:46:57.0659 1868 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\windows\system32\DRIVERS\teefer2.sys
2011/08/06 00:46:57.0799 1868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/08/06 00:46:58.0041 1868 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/08/06 00:46:58.0243 1868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/08/06 00:46:58.0413 1868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/08/06 00:46:58.0575 1868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/08/06 00:46:58.0705 1868 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/08/06 00:46:58.0845 1868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/08/06 00:46:59.0039 1868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/08/06 00:46:59.0211 1868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/08/06 00:46:59.0411 1868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/08/06 00:46:59.0563 1868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/08/06 00:46:59.0755 1868 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
2011/08/06 00:46:59.0917 1868 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
2011/08/06 00:47:00.0169 1868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/08/06 00:47:00.0309 1868 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
2011/08/06 00:47:00.0479 1868 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
2011/08/06 00:47:00.0611 1868 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/08/06 00:47:00.0743 1868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/08/06 00:47:00.0895 1868 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/08/06 00:47:01.0027 1868 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/08/06 00:47:01.0169 1868 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys
2011/08/06 00:47:01.0331 1868 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
2011/08/06 00:47:01.0503 1868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/08/06 00:47:01.0665 1868 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/08/06 00:47:01.0797 1868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/08/06 00:47:01.0947 1868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/08/06 00:47:02.0139 1868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/08/06 00:47:02.0279 1868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/08/06 00:47:02.0431 1868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/08/06 00:47:02.0601 1868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/08/06 00:47:02.0731 1868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/08/06 00:47:02.0901 1868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/08/06 00:47:03.0053 1868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/08/06 00:47:03.0215 1868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys
2011/08/06 00:47:03.0425 1868 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/08/06 00:47:03.0565 1868 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/08/06 00:47:03.0729 1868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/08/06 00:47:03.0859 1868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/06 00:47:03.0899 1868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/06 00:47:04.0073 1868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/08/06 00:47:04.0191 1868 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/08/06 00:47:04.0393 1868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/08/06 00:47:04.0515 1868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/08/06 00:47:04.0777 1868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
2011/08/06 00:47:04.0952 1868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/08/06 00:47:05.0151 1868 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\windows\system32\drivers\wpsdrvnt.sys
2011/08/06 00:47:05.0283 1868 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\windows\system32\drivers\WpsHelper.sys
2011/08/06 00:47:05.0485 1868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/08/06 00:47:05.0657 1868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/08/06 00:47:05.0819 1868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/08/06 00:47:06.0002 1868 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/08/06 00:47:06.0032 1868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR10
2011/08/06 00:47:06.0084 1868 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR5
2011/08/06 00:47:06.0123 1868 Boot (0x1200) (00aad0640ac55646dcb70221c835d3e6) \Device\Harddisk0\DR0\Partition0
2011/08/06 00:47:06.0146 1868 Boot (0x1200) (42b42916f9eee506c13a888c1e4ddee3) \Device\Harddisk2\DR10\Partition0
2011/08/06 00:47:06.0168 1868 Boot (0x1200) (1839b6596084150479e3826757fb60e2) \Device\Harddisk3\DR5\Partition0
2011/08/06 00:47:06.0184 1868 ================================================================================
2011/08/06 00:47:06.0184 1868 Scan finished
2011/08/06 00:47:06.0184 1868 ================================================================================
2011/08/06 00:47:06.0208 5280 Detected object count: 0
2011/08/06 00:47:06.0209 5280 Actual detected object count: 0

How are things doing at this time


gringo

It's running like it usually does, but I am waiting for the thing to pop back up so I am able to screen cap it for you.

Hello


normal good? or normal bad?


gringo

Normal good

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.1

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  
• An update should begin;
  
• follow the prompts

Clear your Java Cache

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
  
• Save any unsaved work. TFC will close all open application windows.
  
• Double-click TFC.exe to run the program.
  
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM


• Double-click mbam icon
  
• go to the update tab at the top
  
• click on check for updates
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

• Go Here to download HijackThis Installer
  
• Save HijackThis Installer to your desktop.
  
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed it will launch Hijackthis.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  
• Come back here to this thread and Paste the log in your next reply.
  
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

In your next post I need the following


• Log From MBAM
  
• report from Hijackthis
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo